1da6c28aaSamw #!/usr/sbin/dtrace -s 2da6c28aaSamw /* 3da6c28aaSamw * CDDL HEADER START 4da6c28aaSamw * 5da6c28aaSamw * The contents of this file are subject to the terms of the 6da6c28aaSamw * Common Development and Distribution License (the "License"). 7da6c28aaSamw * You may not use this file except in compliance with the License. 8da6c28aaSamw * 9da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10da6c28aaSamw * or http://www.opensolaris.org/os/licensing. 11da6c28aaSamw * See the License for the specific language governing permissions 12da6c28aaSamw * and limitations under the License. 13da6c28aaSamw * 14da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each 15da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the 17da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying 18da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner] 19da6c28aaSamw * 20da6c28aaSamw * CDDL HEADER END 21da6c28aaSamw */ 22da6c28aaSamw /* 23da6c28aaSamw * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 24da6c28aaSamw * Use is subject to license terms. 25da6c28aaSamw */ 26da6c28aaSamw 27da6c28aaSamw #pragma ident "%Z%%M% %I% %E% SMI" 28da6c28aaSamw 29da6c28aaSamw /* 30da6c28aaSamw * Usage: ./msrpc.d -p `pgrep smbd` 31da6c28aaSamw * 32da6c28aaSamw * On multi-processor systems, it may be easier to follow the output 33da6c28aaSamw * if run on a single processor: see psradm. For example, to disable 34da6c28aaSamw * the second processor on a dual-processor system: psradm -f 1 35*55bf511dSas200622 * 36*55bf511dSas200622 * This script can be used to trace NDR operations and MSRPC requests. 37*55bf511dSas200622 * In order to put these operations in context, SMB session and tree 38*55bf511dSas200622 * requests are also traced. 39*55bf511dSas200622 * 40*55bf511dSas200622 * Output formatting is as follows: 41*55bf511dSas200622 * 42*55bf511dSas200622 * UI 03 ... rpc_vers get 1@0 = 5 {05} 43*55bf511dSas200622 * UI 03 ... rpc_vers_minor get 1@1 = 0 {00} 44*55bf511dSas200622 * 45*55bf511dSas200622 * U Marshalling flag (M=marshal, U=unmarshal) 46*55bf511dSas200622 * I Direction flag (I=in, O=out) 47*55bf511dSas200622 * ... Field name 48*55bf511dSas200622 * get PDU operation (get or put) 49*55bf511dSas200622 * 1@0 Bytes @ offset (i.e. 1 byte at offset 0) 50*55bf511dSas200622 * {05} Value 51*55bf511dSas200622 * 52*55bf511dSas200622 * The value formatting is limited to 10 bytes, after which an ellipsis 53*55bf511dSas200622 * will be inserted before the closing brace. If the value is 1 or 2 54*55bf511dSas200622 * bytes, an attempt will be made to present an ASCII value but this may 55*55bf511dSas200622 * or may not be relevent. 56*55bf511dSas200622 * 57*55bf511dSas200622 * The following example shows the header from a bind response: 58*55bf511dSas200622 * 59*55bf511dSas200622 * trace:entry MO 03 ... rpc_vers put 1@0 = 5 {05} 60*55bf511dSas200622 * trace:entry MO 03 ... rpc_vers_minor put 1@1 = 0 {00} 61*55bf511dSas200622 * trace:entry MO 03 ... ptype put 1@2 = 12 {0c} 62*55bf511dSas200622 * trace:entry MO 03 ... pfc_flags put 1@3 = 3 {03} 63*55bf511dSas200622 * trace:entry MO 04 .... intg_char_rep put 1@4 = 16 {10} 64*55bf511dSas200622 * trace:entry MO 04 .... float_rep put 1@5 = 0 {00} 65*55bf511dSas200622 * trace:entry MO 04 .... _spare[0] put 1@6 = 0 {00} 66*55bf511dSas200622 * trace:entry MO 04 .... _spare[1] put 1@7 = 0 {00} 67*55bf511dSas200622 * trace:entry MO 03 ... frag_length put 2@8 = 68 {44 00} D 68*55bf511dSas200622 * trace:entry MO 03 ... auth_length put 2@10 = 0 {00 00} 69*55bf511dSas200622 * trace:entry MO 03 ... call_id put 4@12 = 1 {01 00 00 00} 70*55bf511dSas200622 * trace:entry MO 02 .. max_xmit_frag put 2@16 = 4280 {b8 10} 71*55bf511dSas200622 * trace:entry MO 02 .. max_recv_frag put 2@18 = 4280 {b8 10} 72*55bf511dSas200622 * trace:entry MO 02 .. assoc_group_id put 4@20 = 1192620711 {a7 f2 15 47} 73*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.length put 2@24 = 12 {0c 00} 74*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.port_spec[0] put 1@26 = 92 {5c} \ 75*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.port_spec[1] put 1@27 = 80 {50} P 76*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.port_spec[2] put 1@28 = 73 {49} I 77*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.port_spec[3] put 1@29 = 80 {50} P 78*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.port_spec[4] put 1@30 = 69 {45} E 79*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.port_spec[5] put 1@31 = 92 {5c} \ 80*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.port_spec[6] put 1@32 = 108 {6c} l 81*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.port_spec[7] put 1@33 = 115 {73} s 82*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.port_spec[8] put 1@34 = 97 {61} a 83*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.port_spec[9] put 1@35 = 115 {73} s 84*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.port_spec[10] put 1@36 = 115 {73} s 85*55bf511dSas200622 * trace:entry MO 02 .. sec_addr.port_spec[11] put 1@37 = 0 {00} 86da6c28aaSamw */ 87da6c28aaSamw 88da6c28aaSamw /* 89da6c28aaSamw * SmbSessionSetupX, SmbLogoffX 90da6c28aaSamw * SmbTreeConnect, SmbTreeDisconnect 91da6c28aaSamw */ 92da6c28aaSamw smb_session*:entry, 93da6c28aaSamw smb_tree*:entry, 94da6c28aaSamw smb_com_*:entry, 95da6c28aaSamw smb_com_*:return, 96da6c28aaSamw smb_com_session_setup_andx:entry, 97da6c28aaSamw smb_com_logoff_andx:entry, 98da6c28aaSamw smb_tree_connect:return, 99da6c28aaSamw smb_tree_disconnect:entry, 100da6c28aaSamw smb_tree_disconnect:return 101da6c28aaSamw { 102da6c28aaSamw } 103da6c28aaSamw 104da6c28aaSamw smb_com_session_setup_andx:return, 105da6c28aaSamw smb_session*:return, 106da6c28aaSamw smb_user*:return, 107da6c28aaSamw smb_tree*:return 108da6c28aaSamw { 109da6c28aaSamw printf("rc=%d", arg1); 110da6c28aaSamw } 111da6c28aaSamw 112da6c28aaSamw sdt:smbsrv::smb-sessionsetup-clntinfo 113da6c28aaSamw { 114da6c28aaSamw clnt = (netr_client_t *)arg0; 115da6c28aaSamw 116da6c28aaSamw printf("domain=%s\n\n", stringof(clnt->domain)); 117da6c28aaSamw printf("username=%s\n\n", stringof(clnt->username)); 118da6c28aaSamw } 119da6c28aaSamw 120da6c28aaSamw smb_tree_connect:entry 121da6c28aaSamw { 122da6c28aaSamw printf("share=%s service=%s", 123da6c28aaSamw stringof(arg3), stringof(arg4)); 124da6c28aaSamw } 125da6c28aaSamw 126da6c28aaSamw smb_com_logoff_andx:return 127da6c28aaSamw { 128da6c28aaSamw exit(0); 129da6c28aaSamw } 130da6c28aaSamw 131da6c28aaSamw /* 132da6c28aaSamw * Raise error functions (no return). 133da6c28aaSamw */ 134da6c28aaSamw smbsr_raise_error:entry 135da6c28aaSamw { 136da6c28aaSamw printf("class=%d code=%d", arg1, arg2); 137da6c28aaSamw } 138da6c28aaSamw 139da6c28aaSamw smbsr_raise_cifs_error:entry 140da6c28aaSamw { 141da6c28aaSamw printf("status=0x%08x class=%d, code=%d", arg1, arg2, arg3); 142da6c28aaSamw } 143da6c28aaSamw 144da6c28aaSamw smbsr_raise_nt_error:entry 145da6c28aaSamw { 146da6c28aaSamw printf("error=0x%08x", arg1); 147da6c28aaSamw } 148da6c28aaSamw 149da6c28aaSamw smbsr_raise_errno:entry 150da6c28aaSamw { 151da6c28aaSamw printf("errno=%d", arg1); 152da6c28aaSamw } 153da6c28aaSamw 154da6c28aaSamw /* 155da6c28aaSamw * MSRPC activity. 156da6c28aaSamw */ 157da6c28aaSamw pid$target::mlrpc_s_bind:entry, 158da6c28aaSamw pid$target::mlrpc_s_bind:return, 159da6c28aaSamw pid$target::mlrpc_s_request:entry, 160da6c28aaSamw pid$target::mlrpc_s_request:return 161da6c28aaSamw { 162da6c28aaSamw } 163da6c28aaSamw 164da6c28aaSamw pid$target::smb_trace:entry, 165da6c28aaSamw pid$target::mlndo_trace:entry 166da6c28aaSamw { 167da6c28aaSamw printf("%s", copyinstr(arg0)); 168da6c28aaSamw } 169da6c28aaSamw 170da6c28aaSamw /* 171da6c28aaSamw * LSARPC 172da6c28aaSamw */ 173da6c28aaSamw pid$target::lsarpc_s_CloseHandle:entry, 174da6c28aaSamw pid$target::lsarpc_s_QuerySecurityObject:entry, 175da6c28aaSamw pid$target::lsarpc_s_EnumAccounts:entry, 176da6c28aaSamw pid$target::lsarpc_s_EnumTrustedDomain:entry, 177da6c28aaSamw pid$target::lsarpc_s_OpenAccount:entry, 178da6c28aaSamw pid$target::lsarpc_s_EnumPrivsAccount:entry, 179da6c28aaSamw pid$target::lsarpc_s_LookupPrivValue:entry, 180da6c28aaSamw pid$target::lsarpc_s_LookupPrivName:entry, 181da6c28aaSamw pid$target::lsarpc_s_LookupPrivDisplayName:entry, 182da6c28aaSamw pid$target::lsarpc_s_QueryInfoPolicy:entry, 183da6c28aaSamw pid$target::lsarpc_s_OpenDomainHandle:entry, 184da6c28aaSamw pid$target::lsarpc_s_OpenDomainHandle:entry, 185da6c28aaSamw pid$target::lsarpc_s_LookupSids:entry, 186da6c28aaSamw pid$target::lsarpc_s_LookupNames:entry, 187da6c28aaSamw pid$target::lsarpc_s_GetConnectedUser:entry, 188da6c28aaSamw pid$target::lsarpc_s_LookupSids2:entry, 189da6c28aaSamw pid$target::lsarpc_s_LookupNames2:entry 190da6c28aaSamw { 191da6c28aaSamw } 192da6c28aaSamw 193da6c28aaSamw pid$target::lsarpc_s_CloseHandle:return, 194da6c28aaSamw pid$target::lsarpc_s_QuerySecurityObject:return, 195da6c28aaSamw pid$target::lsarpc_s_EnumAccounts:return, 196da6c28aaSamw pid$target::lsarpc_s_EnumTrustedDomain:return, 197da6c28aaSamw pid$target::lsarpc_s_OpenAccount:return, 198da6c28aaSamw pid$target::lsarpc_s_EnumPrivsAccount:return, 199da6c28aaSamw pid$target::lsarpc_s_LookupPrivValue:return, 200da6c28aaSamw pid$target::lsarpc_s_LookupPrivName:return, 201da6c28aaSamw pid$target::lsarpc_s_LookupPrivDisplayName:return, 202da6c28aaSamw pid$target::lsarpc_s_QueryInfoPolicy:return, 203da6c28aaSamw pid$target::lsarpc_s_OpenDomainHandle:return, 204da6c28aaSamw pid$target::lsarpc_s_OpenDomainHandle:return, 205da6c28aaSamw pid$target::lsarpc_s_LookupSids:return, 206da6c28aaSamw pid$target::lsarpc_s_LookupNames:return, 207da6c28aaSamw pid$target::lsarpc_s_GetConnectedUser:return, 208da6c28aaSamw pid$target::lsarpc_s_LookupSids2:return, 209da6c28aaSamw pid$target::lsarpc_s_LookupNames2:return 210da6c28aaSamw { 211da6c28aaSamw } 212da6c28aaSamw 213da6c28aaSamw /* 214da6c28aaSamw * NetLogon 215da6c28aaSamw */ 216da6c28aaSamw pid$target::netr_s_*:entry, 217da6c28aaSamw pid$target::netr_s_*:return 218da6c28aaSamw { 219da6c28aaSamw } 220da6c28aaSamw 221da6c28aaSamw /* 222da6c28aaSamw * SAMR 223da6c28aaSamw */ 224da6c28aaSamw pid$target::samr_s_ConnectAnon:entry, 225da6c28aaSamw pid$target::samr_s_CloseHandle:entry, 226da6c28aaSamw pid$target::samr_s_LookupDomain:entry, 227da6c28aaSamw pid$target::samr_s_EnumLocalDomains:entry, 228da6c28aaSamw pid$target::samr_s_OpenDomain:entry, 229da6c28aaSamw pid$target::samr_s_QueryDomainInfo:entry, 230da6c28aaSamw pid$target::samr_s_LookupNames:entry, 231da6c28aaSamw pid$target::samr_s_OpenUser:entry, 232da6c28aaSamw pid$target::samr_s_DeleteUser:entry, 233da6c28aaSamw pid$target::samr_s_QueryUserInfo:entry, 234da6c28aaSamw pid$target::samr_s_QueryUserGroups:entry, 235da6c28aaSamw pid$target::samr_s_OpenGroup:entry, 236da6c28aaSamw pid$target::samr_s_Connect:entry, 237da6c28aaSamw pid$target::samr_s_GetUserPwInfo:entry, 238da6c28aaSamw pid$target::samr_s_CreateUser:entry, 239da6c28aaSamw pid$target::samr_s_ChangeUserPasswd:entry, 240da6c28aaSamw pid$target::samr_s_GetDomainPwInfo:entry, 241da6c28aaSamw pid$target::samr_s_SetUserInfo:entry, 242da6c28aaSamw pid$target::samr_s_Connect3:entry, 243da6c28aaSamw pid$target::samr_s_Connect4:entry, 244da6c28aaSamw pid$target::samr_s_QueryDispInfo:entry, 245da6c28aaSamw pid$target::samr_s_OpenAlias:entry, 246da6c28aaSamw pid$target::samr_s_CreateDomainAlias:entry, 247da6c28aaSamw pid$target::samr_s_SetAliasInfo:entry, 248da6c28aaSamw pid$target::samr_s_QueryAliasInfo:entry, 249da6c28aaSamw pid$target::samr_s_DeleteDomainAlias:entry, 250da6c28aaSamw pid$target::samr_s_EnumDomainAliases:entry, 251da6c28aaSamw pid$target::samr_s_EnumDomainGroups:entry 252da6c28aaSamw { 253da6c28aaSamw } 254da6c28aaSamw 255da6c28aaSamw pid$target::samr_s_ConnectAnon:return, 256da6c28aaSamw pid$target::samr_s_CloseHandle:return, 257da6c28aaSamw pid$target::samr_s_LookupDomain:return, 258da6c28aaSamw pid$target::samr_s_EnumLocalDomains:return, 259da6c28aaSamw pid$target::samr_s_OpenDomain:return, 260da6c28aaSamw pid$target::samr_s_QueryDomainInfo:return, 261da6c28aaSamw pid$target::samr_s_LookupNames:return, 262da6c28aaSamw pid$target::samr_s_OpenUser:return, 263da6c28aaSamw pid$target::samr_s_DeleteUser:return, 264da6c28aaSamw pid$target::samr_s_QueryUserInfo:return, 265da6c28aaSamw pid$target::samr_s_QueryUserGroups:return, 266da6c28aaSamw pid$target::samr_s_OpenGroup:return, 267da6c28aaSamw pid$target::samr_s_Connect:return, 268da6c28aaSamw pid$target::samr_s_GetUserPwInfo:return, 269da6c28aaSamw pid$target::samr_s_CreateUser:return, 270da6c28aaSamw pid$target::samr_s_ChangeUserPasswd:return, 271da6c28aaSamw pid$target::samr_s_GetDomainPwInfo:return, 272da6c28aaSamw pid$target::samr_s_SetUserInfo:return, 273da6c28aaSamw pid$target::samr_s_Connect3:return, 274da6c28aaSamw pid$target::samr_s_Connect4:return, 275da6c28aaSamw pid$target::samr_s_QueryDispInfo:return, 276da6c28aaSamw pid$target::samr_s_OpenAlias:return, 277da6c28aaSamw pid$target::samr_s_CreateDomainAlias:return, 278da6c28aaSamw pid$target::samr_s_SetAliasInfo:return, 279da6c28aaSamw pid$target::samr_s_QueryAliasInfo:return, 280da6c28aaSamw pid$target::samr_s_DeleteDomainAlias:return, 281da6c28aaSamw pid$target::samr_s_EnumDomainAliases:return, 282da6c28aaSamw pid$target::samr_s_EnumDomainGroups:return 283da6c28aaSamw { 284da6c28aaSamw } 285da6c28aaSamw 286da6c28aaSamw /* 287da6c28aaSamw * SVCCTL 288da6c28aaSamw */ 289da6c28aaSamw pid$target::svcctl_s_*:entry, 290da6c28aaSamw pid$target::svcctl_s_*:return 291da6c28aaSamw { 292da6c28aaSamw } 293da6c28aaSamw 294da6c28aaSamw /* 295da6c28aaSamw * SRVSVC 296da6c28aaSamw */ 297da6c28aaSamw pid$target::srvsvc_s_NetConnectEnum:entry, 298da6c28aaSamw pid$target::srvsvc_s_NetFileEnum:entry, 299da6c28aaSamw pid$target::srvsvc_s_NetFileClose:entry, 300da6c28aaSamw pid$target::srvsvc_s_NetShareGetInfo:entry, 301da6c28aaSamw pid$target::srvsvc_s_NetShareSetInfo:entry, 302da6c28aaSamw pid$target::srvsvc_s_NetSessionEnum:entry, 303da6c28aaSamw pid$target::srvsvc_s_NetSessionDel:entry, 304da6c28aaSamw pid$target::srvsvc_s_NetServerGetInfo:entry, 305da6c28aaSamw pid$target::srvsvc_s_NetRemoteTOD:entry, 306da6c28aaSamw pid$target::srvsvc_s_NetNameValidate:entry, 307da6c28aaSamw pid$target::srvsvc_s_NetShareAdd:entry, 308da6c28aaSamw pid$target::srvsvc_s_NetShareDel:entry, 309da6c28aaSamw pid$target::srvsvc_s_NetShareEnum:entry, 310da6c28aaSamw pid$target::srvsvc_s_NetShareEnumSticky:entry, 311da6c28aaSamw pid$target::srvsvc_s_NetGetFileSecurity:entry, 312da6c28aaSamw pid$target::srvsvc_s_NetSetFileSecurity:entry 313da6c28aaSamw { 314da6c28aaSamw } 315da6c28aaSamw 316da6c28aaSamw pid$target::srvsvc_s_NetConnectEnum:return, 317da6c28aaSamw pid$target::srvsvc_s_NetFileEnum:return, 318da6c28aaSamw pid$target::srvsvc_s_NetFileClose:return, 319da6c28aaSamw pid$target::srvsvc_s_NetShareGetInfo:return, 320da6c28aaSamw pid$target::srvsvc_s_NetShareSetInfo:return, 321da6c28aaSamw pid$target::srvsvc_s_NetSessionEnum:return, 322da6c28aaSamw pid$target::srvsvc_s_NetSessionDel:return, 323da6c28aaSamw pid$target::srvsvc_s_NetServerGetInfo:return, 324da6c28aaSamw pid$target::srvsvc_s_NetRemoteTOD:return, 325da6c28aaSamw pid$target::srvsvc_s_NetNameValidate:return, 326da6c28aaSamw pid$target::srvsvc_s_NetShareAdd:return, 327da6c28aaSamw pid$target::srvsvc_s_NetShareDel:return, 328da6c28aaSamw pid$target::srvsvc_s_NetShareEnum:return, 329da6c28aaSamw pid$target::srvsvc_s_NetShareEnumSticky:return, 330da6c28aaSamw pid$target::srvsvc_s_NetGetFileSecurity:return, 331da6c28aaSamw pid$target::srvsvc_s_NetSetFileSecurity:return 332da6c28aaSamw { 333da6c28aaSamw } 334da6c28aaSamw 335da6c28aaSamw /* 336da6c28aaSamw * WinReg 337da6c28aaSamw */ 338da6c28aaSamw pid$target::winreg_s_*:entry, 339da6c28aaSamw pid$target::winreg_s_*:return 340da6c28aaSamw { 341da6c28aaSamw } 342da6c28aaSamw 343da6c28aaSamw /* 344da6c28aaSamw * Workstation 345da6c28aaSamw */ 346da6c28aaSamw pid$target::wkssvc_s_*:entry, 347da6c28aaSamw pid$target::wkssvc_s_*:return 348da6c28aaSamw { 349da6c28aaSamw } 350*55bf511dSas200622 351*55bf511dSas200622 /* 352*55bf511dSas200622 * SMBRDR 353*55bf511dSas200622 */ 354*55bf511dSas200622 pid$target::smbrdr_*:entry, 355*55bf511dSas200622 pid$target::smbrdr_*:return 356*55bf511dSas200622 { 357*55bf511dSas200622 } 358*55bf511dSas200622 359*55bf511dSas200622 pid$target::mlsvc_tree_connect:entry 360*55bf511dSas200622 { 361*55bf511dSas200622 printf("%s %s %s", 362*55bf511dSas200622 copyinstr(arg0), 363*55bf511dSas200622 copyinstr(arg1), 364*55bf511dSas200622 copyinstr(arg2)); 365*55bf511dSas200622 } 366*55bf511dSas200622 367*55bf511dSas200622 pid$target::mlsvc_open_pipe:entry 368*55bf511dSas200622 { 369*55bf511dSas200622 printf("%s %s %s %s", 370*55bf511dSas200622 copyinstr(arg0), 371*55bf511dSas200622 copyinstr(arg1), 372*55bf511dSas200622 copyinstr(arg2), 373*55bf511dSas200622 copyinstr(arg3)); 374*55bf511dSas200622 } 375*55bf511dSas200622 376*55bf511dSas200622 pid$target::mlsvc_close_pipe:entry 377*55bf511dSas200622 { 378*55bf511dSas200622 } 379*55bf511dSas200622 380*55bf511dSas200622 pid$target::mlsvc_tree_connect:return, 381*55bf511dSas200622 pid$target::mlsvc_open_pipe:return, 382*55bf511dSas200622 pid$target::mlsvc_close_pipe:return 383*55bf511dSas200622 { 384*55bf511dSas200622 printf("%d", arg1); 385*55bf511dSas200622 } 386