1ed81dd52SAlek Pinchuk #!/usr/sbin/dtrace -s 2ed81dd52SAlek Pinchuk /* 3ed81dd52SAlek Pinchuk * This file and its contents are supplied under the terms of the 4ed81dd52SAlek Pinchuk * Common Development and Distribution License ("CDDL"), version 1.0. 5ed81dd52SAlek Pinchuk * You may only use this file in accordance with the terms of version 6ed81dd52SAlek Pinchuk * 1.0 of the CDDL. 7ed81dd52SAlek Pinchuk * 8ed81dd52SAlek Pinchuk * A full copy of the text of the CDDL should have accompanied this 9ed81dd52SAlek Pinchuk * source. A copy of the CDDL is also available via the Internet at 10ed81dd52SAlek Pinchuk * http://www.illumos.org/license/CDDL. 11ed81dd52SAlek Pinchuk */ 12ed81dd52SAlek Pinchuk 13ed81dd52SAlek Pinchuk /* 14*d1855c81SGordon Ross * Copyright 2018 Nexenta Systems, Inc. All rights reserved. 15ed81dd52SAlek Pinchuk */ 16ed81dd52SAlek Pinchuk 17ed81dd52SAlek Pinchuk /* 18ed81dd52SAlek Pinchuk * User-level dtrace for the smbd authentication service 19ed81dd52SAlek Pinchuk * Usage: dtrace -s smbd-authsvc.d -p `pgrep smbd` 20ed81dd52SAlek Pinchuk */ 21ed81dd52SAlek Pinchuk 22ed81dd52SAlek Pinchuk #pragma D option flowindent 23ed81dd52SAlek Pinchuk 24ed81dd52SAlek Pinchuk self int trace; 25ed81dd52SAlek Pinchuk self int mask; 26ed81dd52SAlek Pinchuk 27ed81dd52SAlek Pinchuk /* 28ed81dd52SAlek Pinchuk * The smbd_authsvc_work() function is a good place to start tracing 29ed81dd52SAlek Pinchuk * to watch authentication. This function executes all the actions 30ed81dd52SAlek Pinchuk * associated with a single session setup conversation (even though 31ed81dd52SAlek Pinchuk * that conversation will usually involve multiple SMB requests). 32ed81dd52SAlek Pinchuk */ 33ed81dd52SAlek Pinchuk pid$target:*smbd:smbd_authsvc_work:entry 34ed81dd52SAlek Pinchuk { 35ed81dd52SAlek Pinchuk self->trace++; 36ed81dd52SAlek Pinchuk } 37ed81dd52SAlek Pinchuk 38ed81dd52SAlek Pinchuk /* 39ed81dd52SAlek Pinchuk * If traced and not masked, print entry/return 40ed81dd52SAlek Pinchuk */ 41ed81dd52SAlek Pinchuk pid$target:*smbd::entry, 42ed81dd52SAlek Pinchuk pid$target:libmlsvc.so.1::entry, 43*d1855c81SGordon Ross pid$target:libmlrpc.so.2::entry, 44ed81dd52SAlek Pinchuk pid$target:libsmbns.so.1::entry, 45ed81dd52SAlek Pinchuk pid$target:libsmb.so.1::entry, 46ed81dd52SAlek Pinchuk pid$target:libsmbfs.so.1::entry 47ed81dd52SAlek Pinchuk /self->trace > 0 && self->mask == 0/ 48ed81dd52SAlek Pinchuk { 49ed81dd52SAlek Pinchuk printf("\t0x%x", arg0); 50ed81dd52SAlek Pinchuk printf("\t0x%x", arg1); 51ed81dd52SAlek Pinchuk printf("\t0x%x", arg2); 52ed81dd52SAlek Pinchuk printf("\t0x%x", arg3); 53ed81dd52SAlek Pinchuk printf("\t0x%x", arg4); 54ed81dd52SAlek Pinchuk printf("\t0x%x", arg5); 55ed81dd52SAlek Pinchuk } 56ed81dd52SAlek Pinchuk 57ed81dd52SAlek Pinchuk /* 58ed81dd52SAlek Pinchuk * Mask (don't print) all function calls below these functions. 59ed81dd52SAlek Pinchuk * These make many boring, repetitive function calls like 60ed81dd52SAlek Pinchuk * smb_mbtowc, smb_msgbuf_has_space, ... 61ed81dd52SAlek Pinchuk * 62ed81dd52SAlek Pinchuk * Also, libmlrpc has rather deep call stacks, particularly under 63ed81dd52SAlek Pinchuk * ndr_encode_decode_common(), so this stops traces below there. 64ed81dd52SAlek Pinchuk * Remove that from the mask actions to see the details. 65ed81dd52SAlek Pinchuk */ 66ed81dd52SAlek Pinchuk pid$target::ndr_encode_decode_common:entry, 67ed81dd52SAlek Pinchuk pid$target::smb_msgbuf_decode:entry, 68ed81dd52SAlek Pinchuk pid$target::smb_msgbuf_encode:entry, 69ed81dd52SAlek Pinchuk pid$target::smb_strlwr:entry, 70ed81dd52SAlek Pinchuk pid$target::smb_strupr:entry, 71ed81dd52SAlek Pinchuk pid$target::smb_wcequiv_strlen:entry 72ed81dd52SAlek Pinchuk { 73ed81dd52SAlek Pinchuk self->mask++; 74ed81dd52SAlek Pinchuk } 75ed81dd52SAlek Pinchuk 76ed81dd52SAlek Pinchuk /* 77ed81dd52SAlek Pinchuk * Now inverses of above, unwind order. 78ed81dd52SAlek Pinchuk */ 79ed81dd52SAlek Pinchuk 80ed81dd52SAlek Pinchuk pid$target::ndr_encode_decode_common:return, 81ed81dd52SAlek Pinchuk pid$target::smb_msgbuf_decode:return, 82ed81dd52SAlek Pinchuk pid$target::smb_msgbuf_encode:return, 83ed81dd52SAlek Pinchuk pid$target::smb_strlwr:return, 84ed81dd52SAlek Pinchuk pid$target::smb_strupr:return, 85ed81dd52SAlek Pinchuk pid$target::smb_wcequiv_strlen:return 86ed81dd52SAlek Pinchuk { 87ed81dd52SAlek Pinchuk self->mask--; 88ed81dd52SAlek Pinchuk } 89ed81dd52SAlek Pinchuk 90ed81dd52SAlek Pinchuk pid$target:*smbd::return, 91ed81dd52SAlek Pinchuk pid$target:libmlsvc.so.1::return, 92*d1855c81SGordon Ross pid$target:libmlrpc.so.2::return, 93ed81dd52SAlek Pinchuk pid$target:libsmbns.so.1::return, 94ed81dd52SAlek Pinchuk pid$target:libsmb.so.1::return, 95ed81dd52SAlek Pinchuk pid$target:libsmbfs.so.1::return 96ed81dd52SAlek Pinchuk /self->trace > 0 && self->mask == 0/ 97ed81dd52SAlek Pinchuk { 98ed81dd52SAlek Pinchuk printf("\t0x%x", arg1); 99ed81dd52SAlek Pinchuk } 100ed81dd52SAlek Pinchuk 101ed81dd52SAlek Pinchuk pid$target:*smbd:smbd_authsvc_work:return 102ed81dd52SAlek Pinchuk { 103ed81dd52SAlek Pinchuk self->trace--; 104ed81dd52SAlek Pinchuk } 105