xref: /titanic_41/usr/src/cmd/smbsrv/dtrace/msrpc.d (revision 4d594c339b4bc590af28251f4d30380f003d6c35)
1 #!/usr/sbin/dtrace -s
2 /*
3  * CDDL HEADER START
4  *
5  * The contents of this file are subject to the terms of the
6  * Common Development and Distribution License (the "License").
7  * You may not use this file except in compliance with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * Usage:	./msrpc.d -p `pgrep smbd`
31  *
32  * On multi-processor systems, it may be easier to follow the output
33  * if run on a single processor: see psradm.  For example, to disable
34  * the second processor on a dual-processor system:	psradm -f 1
35  *
36  * This script can be used to trace NDR operations and MSRPC requests.
37  * In order to put these operations in context, SMB session and tree
38  * requests are also traced.
39  *
40  * Output formatting is as follows:
41  *
42  *      UI 03 ... rpc_vers           get 1@0   =    5 {05}
43  *      UI 03 ... rpc_vers_minor     get 1@1   =    0 {00}
44  *
45  *      U       Marshalling flag (M=marshal, U=unmarshal)
46  *      I       Direction flag (I=in, O=out)
47  *      ...     Field name
48  *      get     PDU operation (get or put)
49  *      1@0     Bytes @ offset (i.e. 1 byte at offset 0)
50  *      {05}    Value
51  *
52  * The value formatting is limited to 10 bytes, after which an ellipsis
53  * will be inserted before the closing brace.  If the value is 1 or 2
54  * bytes, an attempt will be made to present an ASCII value but this may
55  * or may not be relevent.
56  *
57  * The following example shows the header from a bind response:
58  *
59  *  trace:entry MO 03 ... rpc_vers         put 1@0   =    5 {05}
60  *  trace:entry MO 03 ... rpc_vers_minor   put 1@1   =    0 {00}
61  *  trace:entry MO 03 ... ptype            put 1@2   =   12 {0c}
62  *  trace:entry MO 03 ... pfc_flags        put 1@3   =    3 {03}
63  *  trace:entry MO 04 .... intg_char_rep   put 1@4   =   16 {10}
64  *  trace:entry MO 04 .... float_rep       put 1@5   =    0 {00}
65  *  trace:entry MO 04 .... _spare[0]       put 1@6   =    0 {00}
66  *  trace:entry MO 04 .... _spare[1]       put 1@7   =    0 {00}
67  *  trace:entry MO 03 ... frag_length      put 2@8   =   68 {44 00} D
68  *  trace:entry MO 03 ... auth_length      put 2@10  =    0 {00 00}
69  *  trace:entry MO 03 ... call_id          put 4@12  =    1 {01 00 00 00}
70  *  trace:entry MO 02 .. max_xmit_frag     put 2@16  = 4280 {b8 10}
71  *  trace:entry MO 02 .. max_recv_frag     put 2@18  = 4280 {b8 10}
72  *  trace:entry MO 02 .. assoc_group_id    put 4@20  = 1192620711 {a7 f2 15 47}
73  *  trace:entry MO 02 .. sec_addr.length   put 2@24  =   12 {0c 00}
74  *  trace:entry MO 02 .. sec_addr.port_spec[0]  put 1@26  =   92 {5c} \
75  *  trace:entry MO 02 .. sec_addr.port_spec[1]  put 1@27  =   80 {50} P
76  *  trace:entry MO 02 .. sec_addr.port_spec[2]  put 1@28  =   73 {49} I
77  *  trace:entry MO 02 .. sec_addr.port_spec[3]  put 1@29  =   80 {50} P
78  *  trace:entry MO 02 .. sec_addr.port_spec[4]  put 1@30  =   69 {45} E
79  *  trace:entry MO 02 .. sec_addr.port_spec[5]  put 1@31  =   92 {5c} \
80  *  trace:entry MO 02 .. sec_addr.port_spec[6]  put 1@32  =  108 {6c} l
81  *  trace:entry MO 02 .. sec_addr.port_spec[7]  put 1@33  =  115 {73} s
82  *  trace:entry MO 02 .. sec_addr.port_spec[8]  put 1@34  =   97 {61} a
83  *  trace:entry MO 02 .. sec_addr.port_spec[9]  put 1@35  =  115 {73} s
84  *  trace:entry MO 02 .. sec_addr.port_spec[10]  put 1@36  = 115 {73} s
85  *  trace:entry MO 02 .. sec_addr.port_spec[11]  put 1@37  =   0 {00}
86  */
87 
88 /*
89  * SmbSessionSetupX, SmbLogoffX
90  * SmbTreeConnect, SmbTreeDisconnect
91  */
92 smb_session*:entry,
93 smb_tree*:entry,
94 smb_com_*:entry,
95 smb_com_*:return,
96 smb_com_session_setup_andx:entry,
97 smb_com_logoff_andx:entry,
98 smb_tree_connect:return,
99 smb_tree_disconnect:entry,
100 smb_tree_disconnect:return
101 {
102 }
103 
104 smb_com_session_setup_andx:return,
105 smb_session*:return,
106 smb_user*:return,
107 smb_tree*:return
108 {
109 	printf("rc=%d", arg1);
110 }
111 
112 sdt:smbsrv::smb-sessionsetup-clntinfo
113 {
114 	clnt = (netr_client_t *)arg0;
115 
116 	printf("domain=%s\n\n", stringof(clnt->domain));
117 	printf("username=%s\n\n", stringof(clnt->username));
118 }
119 
120 smb_tree_connect:entry
121 {
122 	printf("share=%s service=%s",
123 	    stringof(arg3), stringof(arg4));
124 }
125 
126 smb_com_logoff_andx:return
127 {
128 	exit(0);
129 }
130 
131 /*
132  * Raise error functions (no return).
133  */
134 smbsr_raise_error:entry
135 {
136         printf("class=%d code=%d", arg1, arg2);
137 }
138 
139 smbsr_raise_cifs_error:entry
140 {
141     printf("status=0x%08x class=%d, code=%d", arg1, arg2, arg3);
142 }
143 
144 smbsr_raise_nt_error:entry
145 {
146     printf("error=0x%08x", arg1);
147 }
148 
149 smbsr_raise_errno:entry
150 {
151     printf("errno=%d", arg1);
152 }
153 
154 /*
155  * MSRPC activity.
156  */
157 pid$target::mlrpc_s_bind:entry,
158 pid$target::mlrpc_s_bind:return,
159 pid$target::mlrpc_s_request:entry,
160 pid$target::mlrpc_s_request:return
161 {
162 }
163 
164 pid$target::smb_trace:entry,
165 pid$target::mlndo_trace:entry
166 {
167 	printf("%s", copyinstr(arg0));
168 }
169 
170 /*
171  * LSARPC
172  */
173 pid$target::lsarpc_s_CloseHandle:entry,
174 pid$target::lsarpc_s_QuerySecurityObject:entry,
175 pid$target::lsarpc_s_EnumAccounts:entry,
176 pid$target::lsarpc_s_EnumTrustedDomain:entry,
177 pid$target::lsarpc_s_OpenAccount:entry,
178 pid$target::lsarpc_s_EnumPrivsAccount:entry,
179 pid$target::lsarpc_s_LookupPrivValue:entry,
180 pid$target::lsarpc_s_LookupPrivName:entry,
181 pid$target::lsarpc_s_LookupPrivDisplayName:entry,
182 pid$target::lsarpc_s_QueryInfoPolicy:entry,
183 pid$target::lsarpc_s_OpenDomainHandle:entry,
184 pid$target::lsarpc_s_OpenDomainHandle:entry,
185 pid$target::lsarpc_s_LookupSids:entry,
186 pid$target::lsarpc_s_LookupNames:entry,
187 pid$target::lsarpc_s_GetConnectedUser:entry,
188 pid$target::lsarpc_s_LookupSids2:entry,
189 pid$target::lsarpc_s_LookupNames2:entry
190 {
191 }
192 
193 pid$target::lsarpc_s_CloseHandle:return,
194 pid$target::lsarpc_s_QuerySecurityObject:return,
195 pid$target::lsarpc_s_EnumAccounts:return,
196 pid$target::lsarpc_s_EnumTrustedDomain:return,
197 pid$target::lsarpc_s_OpenAccount:return,
198 pid$target::lsarpc_s_EnumPrivsAccount:return,
199 pid$target::lsarpc_s_LookupPrivValue:return,
200 pid$target::lsarpc_s_LookupPrivName:return,
201 pid$target::lsarpc_s_LookupPrivDisplayName:return,
202 pid$target::lsarpc_s_QueryInfoPolicy:return,
203 pid$target::lsarpc_s_OpenDomainHandle:return,
204 pid$target::lsarpc_s_OpenDomainHandle:return,
205 pid$target::lsarpc_s_LookupSids:return,
206 pid$target::lsarpc_s_LookupNames:return,
207 pid$target::lsarpc_s_GetConnectedUser:return,
208 pid$target::lsarpc_s_LookupSids2:return,
209 pid$target::lsarpc_s_LookupNames2:return
210 {
211 }
212 
213 /*
214  * NetLogon
215  */
216 pid$target::netr_s_*:entry,
217 pid$target::netr_s_*:return
218 {
219 }
220 
221 /*
222  * SAMR
223  */
224 pid$target::samr_s_ConnectAnon:entry,
225 pid$target::samr_s_CloseHandle:entry,
226 pid$target::samr_s_LookupDomain:entry,
227 pid$target::samr_s_EnumLocalDomains:entry,
228 pid$target::samr_s_OpenDomain:entry,
229 pid$target::samr_s_QueryDomainInfo:entry,
230 pid$target::samr_s_LookupNames:entry,
231 pid$target::samr_s_OpenUser:entry,
232 pid$target::samr_s_DeleteUser:entry,
233 pid$target::samr_s_QueryUserInfo:entry,
234 pid$target::samr_s_QueryUserGroups:entry,
235 pid$target::samr_s_OpenGroup:entry,
236 pid$target::samr_s_Connect:entry,
237 pid$target::samr_s_GetUserPwInfo:entry,
238 pid$target::samr_s_CreateUser:entry,
239 pid$target::samr_s_ChangeUserPasswd:entry,
240 pid$target::samr_s_GetDomainPwInfo:entry,
241 pid$target::samr_s_SetUserInfo:entry,
242 pid$target::samr_s_Connect3:entry,
243 pid$target::samr_s_Connect4:entry,
244 pid$target::samr_s_QueryDispInfo:entry,
245 pid$target::samr_s_OpenAlias:entry,
246 pid$target::samr_s_CreateDomainAlias:entry,
247 pid$target::samr_s_SetAliasInfo:entry,
248 pid$target::samr_s_QueryAliasInfo:entry,
249 pid$target::samr_s_DeleteDomainAlias:entry,
250 pid$target::samr_s_EnumDomainAliases:entry,
251 pid$target::samr_s_EnumDomainGroups:entry
252 {
253 }
254 
255 pid$target::samr_s_ConnectAnon:return,
256 pid$target::samr_s_CloseHandle:return,
257 pid$target::samr_s_LookupDomain:return,
258 pid$target::samr_s_EnumLocalDomains:return,
259 pid$target::samr_s_OpenDomain:return,
260 pid$target::samr_s_QueryDomainInfo:return,
261 pid$target::samr_s_LookupNames:return,
262 pid$target::samr_s_OpenUser:return,
263 pid$target::samr_s_DeleteUser:return,
264 pid$target::samr_s_QueryUserInfo:return,
265 pid$target::samr_s_QueryUserGroups:return,
266 pid$target::samr_s_OpenGroup:return,
267 pid$target::samr_s_Connect:return,
268 pid$target::samr_s_GetUserPwInfo:return,
269 pid$target::samr_s_CreateUser:return,
270 pid$target::samr_s_ChangeUserPasswd:return,
271 pid$target::samr_s_GetDomainPwInfo:return,
272 pid$target::samr_s_SetUserInfo:return,
273 pid$target::samr_s_Connect3:return,
274 pid$target::samr_s_Connect4:return,
275 pid$target::samr_s_QueryDispInfo:return,
276 pid$target::samr_s_OpenAlias:return,
277 pid$target::samr_s_CreateDomainAlias:return,
278 pid$target::samr_s_SetAliasInfo:return,
279 pid$target::samr_s_QueryAliasInfo:return,
280 pid$target::samr_s_DeleteDomainAlias:return,
281 pid$target::samr_s_EnumDomainAliases:return,
282 pid$target::samr_s_EnumDomainGroups:return
283 {
284 }
285 
286 /*
287  * SVCCTL
288  */
289 pid$target::svcctl_s_*:entry,
290 pid$target::svcctl_s_*:return
291 {
292 }
293 
294 /*
295  * SRVSVC
296  */
297 pid$target::srvsvc_s_NetConnectEnum:entry,
298 pid$target::srvsvc_s_NetFileEnum:entry,
299 pid$target::srvsvc_s_NetFileClose:entry,
300 pid$target::srvsvc_s_NetShareGetInfo:entry,
301 pid$target::srvsvc_s_NetShareSetInfo:entry,
302 pid$target::srvsvc_s_NetSessionEnum:entry,
303 pid$target::srvsvc_s_NetSessionDel:entry,
304 pid$target::srvsvc_s_NetServerGetInfo:entry,
305 pid$target::srvsvc_s_NetRemoteTOD:entry,
306 pid$target::srvsvc_s_NetNameValidate:entry,
307 pid$target::srvsvc_s_NetShareAdd:entry,
308 pid$target::srvsvc_s_NetShareDel:entry,
309 pid$target::srvsvc_s_NetShareEnum:entry,
310 pid$target::srvsvc_s_NetShareEnumSticky:entry,
311 pid$target::srvsvc_s_NetGetFileSecurity:entry,
312 pid$target::srvsvc_s_NetSetFileSecurity:entry
313 {
314 }
315 
316 pid$target::srvsvc_s_NetConnectEnum:return,
317 pid$target::srvsvc_s_NetFileEnum:return,
318 pid$target::srvsvc_s_NetFileClose:return,
319 pid$target::srvsvc_s_NetShareGetInfo:return,
320 pid$target::srvsvc_s_NetShareSetInfo:return,
321 pid$target::srvsvc_s_NetSessionEnum:return,
322 pid$target::srvsvc_s_NetSessionDel:return,
323 pid$target::srvsvc_s_NetServerGetInfo:return,
324 pid$target::srvsvc_s_NetRemoteTOD:return,
325 pid$target::srvsvc_s_NetNameValidate:return,
326 pid$target::srvsvc_s_NetShareAdd:return,
327 pid$target::srvsvc_s_NetShareDel:return,
328 pid$target::srvsvc_s_NetShareEnum:return,
329 pid$target::srvsvc_s_NetShareEnumSticky:return,
330 pid$target::srvsvc_s_NetGetFileSecurity:return,
331 pid$target::srvsvc_s_NetSetFileSecurity:return
332 {
333 }
334 
335 /*
336  * WinReg
337  */
338 pid$target::winreg_s_*:entry,
339 pid$target::winreg_s_*:return
340 {
341 }
342 
343 /*
344  * Workstation
345  */
346 pid$target::wkssvc_s_*:entry,
347 pid$target::wkssvc_s_*:return
348 {
349 }
350 
351 /*
352  * SMBRDR
353  */
354 pid$target::smbrdr_*:entry,
355 pid$target::smbrdr_*:return
356 {
357 }
358 
359 pid$target::mlsvc_tree_connect:entry
360 {
361 	printf("%s %s %s",
362 	    copyinstr(arg0),
363 	    copyinstr(arg1),
364 	    copyinstr(arg2));
365 }
366 
367 pid$target::mlsvc_open_pipe:entry
368 {
369 	printf("%s %s %s %s",
370 	    copyinstr(arg0),
371 	    copyinstr(arg1),
372 	    copyinstr(arg2),
373 	    copyinstr(arg3));
374 }
375 
376 pid$target::mlsvc_close_pipe:entry
377 {
378 }
379 
380 pid$target::mlsvc_tree_connect:return,
381 pid$target::mlsvc_open_pipe:return,
382 pid$target::mlsvc_close_pipe:return
383 {
384 	printf("%d", arg1);
385 }
386