xref: /titanic_41/usr/src/cmd/smbsrv/dtrace/msrpc.d (revision bbb1277b6ec1b0daad4e3ed1a2b891d3e2ece2eb)
1 #!/usr/sbin/dtrace -s
2 /*
3  * CDDL HEADER START
4  *
5  * The contents of this file are subject to the terms of the
6  * Common Development and Distribution License (the "License").
7  * You may not use this file except in compliance with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * Usage:	./msrpc.d -p `pgrep smbd`
29  *
30  * On multi-processor systems, it may be easier to follow the output
31  * if run on a single processor: see psradm.  For example, to disable
32  * the second processor on a dual-processor system:	psradm -f 1
33  *
34  * This script can be used to trace NDR operations and MSRPC requests.
35  * In order to put these operations in context, SMB session and tree
36  * requests are also traced.
37  *
38  * Output formatting is as follows:
39  *
40  *      UI 03 ... rpc_vers           get 1@0   =    5 {05}
41  *      UI 03 ... rpc_vers_minor     get 1@1   =    0 {00}
42  *
43  *      U       Marshalling flag (M=marshal, U=unmarshal)
44  *      I       Direction flag (I=in, O=out)
45  *      ...     Field name
46  *      get     PDU operation (get or put)
47  *      1@0     Bytes @ offset (i.e. 1 byte at offset 0)
48  *      {05}    Value
49  *
50  * The value formatting is limited to 10 bytes, after which an ellipsis
51  * will be inserted before the closing brace.  If the value is 1 or 2
52  * bytes, an attempt will be made to present an ASCII value but this may
53  * or may not be relevent.
54  *
55  * The following example shows the header from a bind response:
56  *
57  *  trace:entry MO 03 ... rpc_vers         put 1@0   =    5 {05}
58  *  trace:entry MO 03 ... rpc_vers_minor   put 1@1   =    0 {00}
59  *  trace:entry MO 03 ... ptype            put 1@2   =   12 {0c}
60  *  trace:entry MO 03 ... pfc_flags        put 1@3   =    3 {03}
61  *  trace:entry MO 04 .... intg_char_rep   put 1@4   =   16 {10}
62  *  trace:entry MO 04 .... float_rep       put 1@5   =    0 {00}
63  *  trace:entry MO 04 .... _spare[0]       put 1@6   =    0 {00}
64  *  trace:entry MO 04 .... _spare[1]       put 1@7   =    0 {00}
65  *  trace:entry MO 03 ... frag_length      put 2@8   =   68 {44 00} D
66  *  trace:entry MO 03 ... auth_length      put 2@10  =    0 {00 00}
67  *  trace:entry MO 03 ... call_id          put 4@12  =    1 {01 00 00 00}
68  *  trace:entry MO 02 .. max_xmit_frag     put 2@16  = 4280 {b8 10}
69  *  trace:entry MO 02 .. max_recv_frag     put 2@18  = 4280 {b8 10}
70  *  trace:entry MO 02 .. assoc_group_id    put 4@20  = 1192620711 {a7 f2 15 47}
71  *  trace:entry MO 02 .. sec_addr.length   put 2@24  =   12 {0c 00}
72  *  trace:entry MO 02 .. sec_addr.port_spec[0]  put 1@26  =   92 {5c} \
73  *  trace:entry MO 02 .. sec_addr.port_spec[1]  put 1@27  =   80 {50} P
74  *  trace:entry MO 02 .. sec_addr.port_spec[2]  put 1@28  =   73 {49} I
75  *  trace:entry MO 02 .. sec_addr.port_spec[3]  put 1@29  =   80 {50} P
76  *  trace:entry MO 02 .. sec_addr.port_spec[4]  put 1@30  =   69 {45} E
77  *  trace:entry MO 02 .. sec_addr.port_spec[5]  put 1@31  =   92 {5c} \
78  *  trace:entry MO 02 .. sec_addr.port_spec[6]  put 1@32  =  108 {6c} l
79  *  trace:entry MO 02 .. sec_addr.port_spec[7]  put 1@33  =  115 {73} s
80  *  trace:entry MO 02 .. sec_addr.port_spec[8]  put 1@34  =   97 {61} a
81  *  trace:entry MO 02 .. sec_addr.port_spec[9]  put 1@35  =  115 {73} s
82  *  trace:entry MO 02 .. sec_addr.port_spec[10]  put 1@36  = 115 {73} s
83  *  trace:entry MO 02 .. sec_addr.port_spec[11]  put 1@37  =   0 {00}
84  */
85 
86 BEGIN
87 {
88 	printf("MSRPC Trace Started");
89 	printf("\n\n");
90 }
91 
92 END
93 {
94 	printf("MSRPC Trace Ended");
95 	printf("\n\n");
96 }
97 
98 /*
99  * SmbSessionSetupX, SmbLogoffX
100  * SmbTreeConnect, SmbTreeDisconnect
101  */
102 smb_tree*:entry,
103 smb_com_*:entry,
104 smb_com_*:return,
105 smb_com_session_setup_andx:entry,
106 smb_com_logoff_andx:entry,
107 smb_tree_connect:return,
108 smb_tree_disconnect:entry,
109 smb_tree_disconnect:return,
110 smb_opipe_open:entry,
111 smb_opipe_door_call:entry,
112 smb_opipe_door_upcall:entry,
113 door_ki_upcall:entry
114 {
115 }
116 
117 smb_com_session_setup_andx:return,
118 smb_user*:return,
119 smb_tree*:return,
120 smb_opipe_open:return,
121 smb_opipe_door_call:return,
122 smb_opipe_door_upcall:return,
123 door_ki_upcall:return
124 {
125 	printf("rc=0x%08x", arg1);
126 }
127 
128 sdt:smbsrv::smb-sessionsetup-clntinfo
129 {
130 	clnt = (netr_client_t *)arg0;
131 
132 	printf("domain\\username=%s\\%s\n\n",
133 	    stringof(clnt->domain),
134 	    stringof(clnt->username));
135 }
136 
137 smb_tree_connect:entry
138 {
139 	sr = (smb_request_t *)arg0;
140 
141 	printf("share=%s service=%s",
142 	    stringof(sr->arg.tcon.path),
143 	    stringof(sr->arg.tcon.service));
144 }
145 
146 smb_com_logoff_andx:return
147 {
148 }
149 
150 /*
151  * Raise error functions (no return).
152  */
153 smbsr_error:entry
154 {
155     printf("status=0x%08x class=%d, code=%d", arg1, arg2, arg3);
156 }
157 
158 smbsr_errno:entry
159 {
160     printf("errno=%d", arg1);
161 }
162 
163 smbsr_error:return,
164 smbsr_errno:return
165 {
166 }
167 
168 /*
169  * MSRPC activity.
170  */
171 pid$target::ndr_svc_bind:entry,
172 pid$target::ndr_svc_bind:return,
173 pid$target::ndr_svc_request:entry,
174 pid$target::ndr_svc_request:return
175 {
176 }
177 
178 pid$target::smb_trace:entry,
179 pid$target::ndo_trace:entry
180 {
181 	printf("%s", copyinstr(arg0));
182 }
183 
184 /*
185  * LSARPC
186  */
187 pid$target::lsarpc_s_CloseHandle:entry,
188 pid$target::lsarpc_s_QuerySecurityObject:entry,
189 pid$target::lsarpc_s_EnumAccounts:entry,
190 pid$target::lsarpc_s_EnumTrustedDomain:entry,
191 pid$target::lsarpc_s_OpenAccount:entry,
192 pid$target::lsarpc_s_EnumPrivsAccount:entry,
193 pid$target::lsarpc_s_LookupPrivValue:entry,
194 pid$target::lsarpc_s_LookupPrivName:entry,
195 pid$target::lsarpc_s_LookupPrivDisplayName:entry,
196 pid$target::lsarpc_s_QueryInfoPolicy:entry,
197 pid$target::lsarpc_s_OpenDomainHandle:entry,
198 pid$target::lsarpc_s_OpenDomainHandle:entry,
199 pid$target::lsarpc_s_LookupSids:entry,
200 pid$target::lsarpc_s_LookupNames:entry,
201 pid$target::lsarpc_s_GetConnectedUser:entry,
202 pid$target::lsarpc_s_LookupSids2:entry,
203 pid$target::lsarpc_s_LookupNames2:entry
204 {
205 }
206 
207 pid$target::lsarpc_s_CloseHandle:return,
208 pid$target::lsarpc_s_QuerySecurityObject:return,
209 pid$target::lsarpc_s_EnumAccounts:return,
210 pid$target::lsarpc_s_EnumTrustedDomain:return,
211 pid$target::lsarpc_s_OpenAccount:return,
212 pid$target::lsarpc_s_EnumPrivsAccount:return,
213 pid$target::lsarpc_s_LookupPrivValue:return,
214 pid$target::lsarpc_s_LookupPrivName:return,
215 pid$target::lsarpc_s_LookupPrivDisplayName:return,
216 pid$target::lsarpc_s_QueryInfoPolicy:return,
217 pid$target::lsarpc_s_OpenDomainHandle:return,
218 pid$target::lsarpc_s_OpenDomainHandle:return,
219 pid$target::lsarpc_s_LookupSids:return,
220 pid$target::lsarpc_s_LookupNames:return,
221 pid$target::lsarpc_s_GetConnectedUser:return,
222 pid$target::lsarpc_s_LookupSids2:return,
223 pid$target::lsarpc_s_LookupNames2:return
224 {
225 }
226 
227 pid$target::lsar_lookup_names:entry
228 {
229 	printf("%s", copyinstr(arg1));
230 }
231 
232 pid$target::lsar_lookup_*:entry
233 {
234 }
235 
236 pid$target::lsar_lookup_*:return
237 {
238 	printf("0x%08x", arg1);
239 }
240 
241 pid$target::lsar_*:entry
242 {
243 }
244 
245 pid$target::lsar_*:return
246 {
247 	printf("0x%08x", arg1);
248 }
249 
250 /*
251  * NetLogon
252  */
253 pid$target::netr_*:entry
254 {
255 }
256 
257 pid$target::netr_*:return
258 {
259 	printf("0x%08x", arg1);
260 }
261 
262 /*
263  * SAMR
264  */
265 pid$target::samr_s_ConnectAnon:entry,
266 pid$target::samr_s_CloseHandle:entry,
267 pid$target::samr_s_LookupDomain:entry,
268 pid$target::samr_s_EnumLocalDomains:entry,
269 pid$target::samr_s_OpenDomain:entry,
270 pid$target::samr_s_QueryDomainInfo:entry,
271 pid$target::samr_s_QueryInfoDomain2:entry,
272 pid$target::samr_s_LookupNames:entry,
273 pid$target::samr_s_OpenUser:entry,
274 pid$target::samr_s_DeleteUser:entry,
275 pid$target::samr_s_QueryUserInfo:entry,
276 pid$target::samr_s_QueryUserGroups:entry,
277 pid$target::samr_s_OpenGroup:entry,
278 pid$target::samr_s_Connect:entry,
279 pid$target::samr_s_GetUserPwInfo:entry,
280 pid$target::samr_s_CreateUser:entry,
281 pid$target::samr_s_ChangeUserPasswd:entry,
282 pid$target::samr_s_GetDomainPwInfo:entry,
283 pid$target::samr_s_SetUserInfo:entry,
284 pid$target::samr_s_Connect3:entry,
285 pid$target::samr_s_Connect4:entry,
286 pid$target::samr_s_QueryDispInfo:entry,
287 pid$target::samr_s_OpenAlias:entry,
288 pid$target::samr_s_CreateDomainAlias:entry,
289 pid$target::samr_s_SetAliasInfo:entry,
290 pid$target::samr_s_QueryAliasInfo:entry,
291 pid$target::samr_s_DeleteDomainAlias:entry,
292 pid$target::samr_s_EnumDomainAliases:entry,
293 pid$target::samr_s_EnumDomainGroups:entry
294 {
295 }
296 
297 pid$target::samr_s_ConnectAnon:return,
298 pid$target::samr_s_CloseHandle:return,
299 pid$target::samr_s_LookupDomain:return,
300 pid$target::samr_s_EnumLocalDomains:return,
301 pid$target::samr_s_OpenDomain:return,
302 pid$target::samr_s_QueryDomainInfo:return,
303 pid$target::samr_s_QueryInfoDomain2:return,
304 pid$target::samr_s_LookupNames:return,
305 pid$target::samr_s_OpenUser:return,
306 pid$target::samr_s_DeleteUser:return,
307 pid$target::samr_s_QueryUserInfo:return,
308 pid$target::samr_s_QueryUserGroups:return,
309 pid$target::samr_s_OpenGroup:return,
310 pid$target::samr_s_Connect:return,
311 pid$target::samr_s_GetUserPwInfo:return,
312 pid$target::samr_s_CreateUser:return,
313 pid$target::samr_s_ChangeUserPasswd:return,
314 pid$target::samr_s_GetDomainPwInfo:return,
315 pid$target::samr_s_SetUserInfo:return,
316 pid$target::samr_s_Connect3:return,
317 pid$target::samr_s_Connect4:return,
318 pid$target::samr_s_QueryDispInfo:return,
319 pid$target::samr_s_OpenAlias:return,
320 pid$target::samr_s_CreateDomainAlias:return,
321 pid$target::samr_s_SetAliasInfo:return,
322 pid$target::samr_s_QueryAliasInfo:return,
323 pid$target::samr_s_DeleteDomainAlias:return,
324 pid$target::samr_s_EnumDomainAliases:return,
325 pid$target::samr_s_EnumDomainGroups:return
326 {
327 }
328 
329 /*
330  * SVCCTL
331  */
332 pid$target::svcctl_s_*:entry,
333 pid$target::svcctl_s_*:return
334 {
335 }
336 
337 /*
338  * SRVSVC
339  */
340 pid$target::srvsvc_s_NetConnectEnum:entry,
341 pid$target::srvsvc_s_NetFileEnum:entry,
342 pid$target::srvsvc_s_NetFileClose:entry,
343 pid$target::srvsvc_s_NetShareGetInfo:entry,
344 pid$target::srvsvc_s_NetShareSetInfo:entry,
345 pid$target::srvsvc_s_NetSessionEnum:entry,
346 pid$target::srvsvc_s_NetSessionDel:entry,
347 pid$target::srvsvc_s_NetServerGetInfo:entry,
348 pid$target::srvsvc_s_NetRemoteTOD:entry,
349 pid$target::srvsvc_s_NetNameValidate:entry,
350 pid$target::srvsvc_s_NetShareAdd:entry,
351 pid$target::srvsvc_s_NetShareDel:entry,
352 pid$target::srvsvc_s_NetShareEnum:entry,
353 pid$target::srvsvc_s_NetShareEnumSticky:entry,
354 pid$target::srvsvc_s_NetGetFileSecurity:entry,
355 pid$target::srvsvc_s_NetSetFileSecurity:entry
356 {
357 }
358 
359 pid$target::srvsvc_s_NetConnectEnum:return,
360 pid$target::srvsvc_s_NetFileEnum:return,
361 pid$target::srvsvc_s_NetFileClose:return,
362 pid$target::srvsvc_s_NetShareGetInfo:return,
363 pid$target::srvsvc_s_NetShareSetInfo:return,
364 pid$target::srvsvc_s_NetSessionEnum:return,
365 pid$target::srvsvc_s_NetSessionDel:return,
366 pid$target::srvsvc_s_NetServerGetInfo:return,
367 pid$target::srvsvc_s_NetRemoteTOD:return,
368 pid$target::srvsvc_s_NetNameValidate:return,
369 pid$target::srvsvc_s_NetShareAdd:return,
370 pid$target::srvsvc_s_NetShareDel:return,
371 pid$target::srvsvc_s_NetShareEnum:return,
372 pid$target::srvsvc_s_NetShareEnumSticky:return,
373 pid$target::srvsvc_s_NetGetFileSecurity:return,
374 pid$target::srvsvc_s_NetSetFileSecurity:return
375 {
376 }
377 
378 /*
379  * WinReg
380  */
381 pid$target::winreg_s_*:entry,
382 pid$target::winreg_s_*:return
383 {
384 }
385 
386 /*
387  * Workstation
388  */
389 pid$target::wkssvc_s_*:entry,
390 pid$target::wkssvc_s_*:return
391 {
392 }
393 
394 /*
395  * SMBRDR
396  */
397 pid$target::smbrdr_tree_connect:entry
398 {
399 	printf("%s %s %s",
400 	    copyinstr(arg0),
401 	    copyinstr(arg1),
402 	    copyinstr(arg2));
403 }
404 
405 pid$target::smbrdr_open_pipe:entry
406 {
407 	printf("%s %s %s %s",
408 	    copyinstr(arg0),
409 	    copyinstr(arg1),
410 	    copyinstr(arg2),
411 	    copyinstr(arg3));
412 }
413 
414 pid$target::smbrdr_tree_disconnect:entry,
415 pid$target::smbrdr_close_pipe:entry,
416 pid$target::smbrdr_ntcreatex:entry,
417 pid$target::smbrdr_transact:entry,
418 pid$target::smbrdr_readx*:entry
419 {
420 }
421 
422 pid$target::smbrdr_tree_connect:return,
423 pid$target::smbrdr_tree_disconnect:return,
424 pid$target::smbrdr_open_pipe:return,
425 pid$target::smbrdr_close_pipe:return,
426 pid$target::smbrdr_ntcreatex:return,
427 pid$target::smbrdr_transact:return,
428 pid$target::smbrdr_readx*:return
429 {
430 	printf("%d", arg1);
431 }
432 
433 pid$target::ndr_clnt_get_frags:entry,
434 pid$target::ndr_clnt_get_frag:entry
435 {
436 }
437 
438 pid$target::ndr_clnt_get_frags:return,
439 pid$target::ndr_clnt_get_frag:return
440 {
441 	printf("%d", arg1);
442 }
443