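#!/usr/sbin/dtrace -s
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * Usage: ./msrpc.d -p `pgrep smbd`
 *
 * On multi-processor systems, it may be easier to follow the output
 * if run on a single processor: see psradm.  For example, to disable
 * the second processor on a dual-processor system: psradm -f 1
 *
 * This script can be used to trace NDR operations and MSRPC requests.
 * In order to put these operations in context, SMB session and tree
 * requests are also traced.
 *
 * Handling the output:
 *
 * The trace contains the domain and user name of every client that
 * sets up a session, the share and service names of tree connects, the
 * string arguments of mlsvc_tree_connect/mlsvc_open_pipe, and the NDR
 * field values (up to 10 bytes each) of every traced MSRPC PDU.  The
 * traced interfaces include NetLogon and the SAMR password operations,
 * so fragments of authentication-related fields may appear.  Treat the
 * output as sensitive: keep it off shared terminals and world-readable
 * files, and scrub it before attaching it to a bug report.
 *
 * The script mixes kernel probes (sdt and the function probes on
 * smb_*) with pid-provider probes on smbd, so it needs DTrace
 * privileges for both kernel and process tracing.
 *
 * The script exits on the first return from smb_com_logoff_andx, i.e.
 * when any client logs off, not only the one being investigated.
 *
 * Output formatting is as follows:
 *
 *	UI 03 ... rpc_vers           get 1@0   =    5 {05}
 *	UI 03 ... rpc_vers_minor     get 1@1   =    0 {00}
 *
 *	U	Marshalling flag (M=marshal, U=unmarshal)
 *	I	Direction flag (I=in, O=out)
 *	...	Field name
 *	get	PDU operation (get or put)
 *	1@0	Bytes @ offset (i.e. 1 byte at offset 0)
 *	{05}	Value
 *
 * The value formatting is limited to 10 bytes, after which an ellipsis
 * will be inserted before the closing brace.  If the value is 1 or 2
 * bytes, an attempt will be made to present an ASCII value but this may
 * or may not be relevant.
 *
 * The following example shows the header from a bind response:
 *
 * trace:entry MO 03 ... rpc_vers put 1@0 = 5 {05}
 * trace:entry MO 03 ... rpc_vers_minor put 1@1 = 0 {00}
 * trace:entry MO 03 ... ptype put 1@2 = 12 {0c}
 * trace:entry MO 03 ... pfc_flags put 1@3 = 3 {03}
 * trace:entry MO 04 .... intg_char_rep put 1@4 = 16 {10}
 * trace:entry MO 04 .... float_rep put 1@5 = 0 {00}
 * trace:entry MO 04 .... _spare[0] put 1@6 = 0 {00}
 * trace:entry MO 04 .... _spare[1] put 1@7 = 0 {00}
 * trace:entry MO 03 ... frag_length put 2@8 = 68 {44 00} D
 * trace:entry MO 03 ... auth_length put 2@10 = 0 {00 00}
 * trace:entry MO 03 ... call_id put 4@12 = 1 {01 00 00 00}
 * trace:entry MO 02 .. max_xmit_frag put 2@16 = 4280 {b8 10}
 * trace:entry MO 02 .. max_recv_frag put 2@18 = 4280 {b8 10}
 * trace:entry MO 02 .. assoc_group_id put 4@20 = 1192620711 {a7 f2 15 47}
 * trace:entry MO 02 .. sec_addr.length put 2@24 = 12 {0c 00}
 * trace:entry MO 02 .. sec_addr.port_spec[0] put 1@26 = 92 {5c} \
 * trace:entry MO 02 .. sec_addr.port_spec[1] put 1@27 = 80 {50} P
 * trace:entry MO 02 .. sec_addr.port_spec[2] put 1@28 = 73 {49} I
 * trace:entry MO 02 .. sec_addr.port_spec[3] put 1@29 = 80 {50} P
 * trace:entry MO 02 .. sec_addr.port_spec[4] put 1@30 = 69 {45} E
 * trace:entry MO 02 .. sec_addr.port_spec[5] put 1@31 = 92 {5c} \
 * trace:entry MO 02 .. sec_addr.port_spec[6] put 1@32 = 108 {6c} l
 * trace:entry MO 02 .. sec_addr.port_spec[7] put 1@33 = 115 {73} s
 * trace:entry MO 02 .. sec_addr.port_spec[8] put 1@34 = 97 {61} a
 * trace:entry MO 02 .. sec_addr.port_spec[9] put 1@35 = 115 {73} s
 * trace:entry MO 02 .. sec_addr.port_spec[10] put 1@36 = 115 {73} s
 * trace:entry MO 02 .. sec_addr.port_spec[11] put 1@37 = 0 {00}
 */

/*
 * SmbSessionSetupX, SmbLogoffX
 * SmbTreeConnect, SmbTreeDisconnect
 *
 * Provider and module are left blank, so these descriptions match any
 * provider that publishes functions with these names (presumably the
 * kernel function probes of the SMB server module; confirm with
 * "dtrace -l").  The clause body is empty: only the probe firing itself
 * is reported.
 *
 * NOTE(review): the explicitly named probes below are also matched by
 * the wildcards in this list (e.g. smb_com_session_setup_andx:entry by
 * smb_com_*:entry), so those probes are likely reported more than once.
 * The list is kept as the author wrote it because the intent is not
 * clear from this file.
 */
smb_session*:entry,
smb_tree*:entry,
smb_com_*:entry,
smb_com_*:return,
smb_com_session_setup_andx:entry,
smb_com_logoff_andx:entry,
smb_tree_connect:return,
smb_tree_disconnect:entry,
smb_tree_disconnect:return
{
}

/*
 * On a return probe arg1 carries the function's return value.
 */
smb_com_session_setup_andx:return,
smb_session*:return,
smb_user*:return,
smb_tree*:return
{
	printf("rc=%d", arg1);
}

/*
 * Client identity at session setup.  The pointer is held in a
 * clause-local variable (this->clnt) rather than a global: a global is
 * shared by all CPUs, so two sessions being set up at the same time
 * could overwrite it between the assignment and the printf calls and
 * attribute one client's domain or user name to the other.
 */
sdt:smbsrv::smb-sessionsetup-clntinfo
{
	this->clnt = (netr_client_t *)arg0;

	printf("domain=%s\n\n", stringof(this->clnt->domain));
	printf("username=%s\n\n", stringof(this->clnt->username));
}

/*
 * arg3 and arg4 are read as kernel strings and labelled share and
 * service by the format string.
 */
smb_tree_connect:entry
{
	printf("share=%s service=%s",
	    stringof(arg3), stringof(arg4));
}

/*
 * Stop tracing once a logoff request has been processed.
 */
smb_com_logoff_andx:return
{
	exit(0);
}

/*
 * Raise error functions (no return).
 */
smbsr_raise_error:entry
{
	printf("class=%d code=%d", arg1, arg2);
}

smbsr_raise_cifs_error:entry
{
	printf("status=0x%08x class=%d, code=%d", arg1, arg2, arg3);
}

smbsr_raise_nt_error:entry
{
	printf("error=0x%08x", arg1);
}

smbsr_raise_errno:entry
{
	printf("errno=%d", arg1);
}

/*
 * MSRPC activity.
 *
 * From here on the probes are pid-provider probes in the process given
 * with -p (smbd, per the usage line).
 */
pid$target::mlrpc_s_bind:entry,
pid$target::mlrpc_s_bind:return,
pid$target::mlrpc_s_request:entry,
pid$target::mlrpc_s_request:return
{
}

/*
 * arg0 is a user-space string pointer, hence copyinstr().  These lines
 * are the NDR field dump described in the header comment.
 */
pid$target::smb_trace:entry,
pid$target::mlndo_trace:entry
{
	printf("%s", copyinstr(arg0));
}

/*
 * LSARPC
 *
 * lsarpc_s_OpenDomainHandle is listed once in each of the two clauses
 * below.  The original listed it twice, which enables the clause twice
 * for the same probe and duplicates its output line.
 */
pid$target::lsarpc_s_CloseHandle:entry,
pid$target::lsarpc_s_QuerySecurityObject:entry,
pid$target::lsarpc_s_EnumAccounts:entry,
pid$target::lsarpc_s_EnumTrustedDomain:entry,
pid$target::lsarpc_s_OpenAccount:entry,
pid$target::lsarpc_s_EnumPrivsAccount:entry,
pid$target::lsarpc_s_LookupPrivValue:entry,
pid$target::lsarpc_s_LookupPrivName:entry,
pid$target::lsarpc_s_LookupPrivDisplayName:entry,
pid$target::lsarpc_s_QueryInfoPolicy:entry,
pid$target::lsarpc_s_OpenDomainHandle:entry,
pid$target::lsarpc_s_LookupSids:entry,
pid$target::lsarpc_s_LookupNames:entry,
pid$target::lsarpc_s_GetConnectedUser:entry,
pid$target::lsarpc_s_LookupSids2:entry,
pid$target::lsarpc_s_LookupNames2:entry
{
}

pid$target::lsarpc_s_CloseHandle:return,
pid$target::lsarpc_s_QuerySecurityObject:return,
pid$target::lsarpc_s_EnumAccounts:return,
pid$target::lsarpc_s_EnumTrustedDomain:return,
pid$target::lsarpc_s_OpenAccount:return,
pid$target::lsarpc_s_EnumPrivsAccount:return,
pid$target::lsarpc_s_LookupPrivValue:return,
pid$target::lsarpc_s_LookupPrivName:return,
pid$target::lsarpc_s_LookupPrivDisplayName:return,
pid$target::lsarpc_s_QueryInfoPolicy:return,
pid$target::lsarpc_s_OpenDomainHandle:return,
pid$target::lsarpc_s_LookupSids:return,
pid$target::lsarpc_s_LookupNames:return,
pid$target::lsarpc_s_GetConnectedUser:return,
pid$target::lsarpc_s_LookupSids2:return,
pid$target::lsarpc_s_LookupNames2:return
{
}

/*
 * NetLogon
 */
pid$target::netr_s_*:entry,
pid$target::netr_s_*:return
{
}

/*
 * SAMR
 */
pid$target::samr_s_ConnectAnon:entry,
pid$target::samr_s_CloseHandle:entry,
pid$target::samr_s_LookupDomain:entry,
pid$target::samr_s_EnumLocalDomains:entry,
pid$target::samr_s_OpenDomain:entry,
pid$target::samr_s_QueryDomainInfo:entry,
pid$target::samr_s_LookupNames:entry,
pid$target::samr_s_OpenUser:entry,
pid$target::samr_s_DeleteUser:entry,
pid$target::samr_s_QueryUserInfo:entry,
pid$target::samr_s_QueryUserGroups:entry,
pid$target::samr_s_OpenGroup:entry,
pid$target::samr_s_Connect:entry,
pid$target::samr_s_GetUserPwInfo:entry,
pid$target::samr_s_CreateUser:entry,
pid$target::samr_s_ChangeUserPasswd:entry,
pid$target::samr_s_GetDomainPwInfo:entry,
pid$target::samr_s_SetUserInfo:entry,
pid$target::samr_s_Connect3:entry,
pid$target::samr_s_Connect4:entry,
pid$target::samr_s_QueryDispInfo:entry,
pid$target::samr_s_OpenAlias:entry,
pid$target::samr_s_CreateDomainAlias:entry,
pid$target::samr_s_SetAliasInfo:entry,
pid$target::samr_s_QueryAliasInfo:entry,
pid$target::samr_s_DeleteDomainAlias:entry,
pid$target::samr_s_EnumDomainAliases:entry,
pid$target::samr_s_EnumDomainGroups:entry
{
}

pid$target::samr_s_ConnectAnon:return,
pid$target::samr_s_CloseHandle:return,
pid$target::samr_s_LookupDomain:return,
pid$target::samr_s_EnumLocalDomains:return,
pid$target::samr_s_OpenDomain:return,
pid$target::samr_s_QueryDomainInfo:return,
pid$target::samr_s_LookupNames:return,
pid$target::samr_s_OpenUser:return,
pid$target::samr_s_DeleteUser:return,
pid$target::samr_s_QueryUserInfo:return,
pid$target::samr_s_QueryUserGroups:return,
pid$target::samr_s_OpenGroup:return,
pid$target::samr_s_Connect:return,
pid$target::samr_s_GetUserPwInfo:return,
pid$target::samr_s_CreateUser:return,
pid$target::samr_s_ChangeUserPasswd:return,
pid$target::samr_s_GetDomainPwInfo:return,
pid$target::samr_s_SetUserInfo:return,
pid$target::samr_s_Connect3:return,
pid$target::samr_s_Connect4:return,
pid$target::samr_s_QueryDispInfo:return,
pid$target::samr_s_OpenAlias:return,
pid$target::samr_s_CreateDomainAlias:return,
pid$target::samr_s_SetAliasInfo:return,
pid$target::samr_s_QueryAliasInfo:return,
pid$target::samr_s_DeleteDomainAlias:return,
pid$target::samr_s_EnumDomainAliases:return,
pid$target::samr_s_EnumDomainGroups:return
{
}

/*
 * SVCCTL
 */
pid$target::svcctl_s_*:entry,
pid$target::svcctl_s_*:return
{
}

/*
 * SRVSVC
 */
pid$target::srvsvc_s_NetConnectEnum:entry,
pid$target::srvsvc_s_NetFileEnum:entry,
pid$target::srvsvc_s_NetFileClose:entry,
pid$target::srvsvc_s_NetShareGetInfo:entry,
pid$target::srvsvc_s_NetShareSetInfo:entry,
pid$target::srvsvc_s_NetSessionEnum:entry,
pid$target::srvsvc_s_NetSessionDel:entry,
pid$target::srvsvc_s_NetServerGetInfo:entry,
pid$target::srvsvc_s_NetRemoteTOD:entry,
pid$target::srvsvc_s_NetNameValidate:entry,
pid$target::srvsvc_s_NetShareAdd:entry,
pid$target::srvsvc_s_NetShareDel:entry,
pid$target::srvsvc_s_NetShareEnum:entry,
pid$target::srvsvc_s_NetShareEnumSticky:entry,
pid$target::srvsvc_s_NetGetFileSecurity:entry,
pid$target::srvsvc_s_NetSetFileSecurity:entry
{
}

pid$target::srvsvc_s_NetConnectEnum:return,
pid$target::srvsvc_s_NetFileEnum:return,
pid$target::srvsvc_s_NetFileClose:return,
pid$target::srvsvc_s_NetShareGetInfo:return,
pid$target::srvsvc_s_NetShareSetInfo:return,
pid$target::srvsvc_s_NetSessionEnum:return,
pid$target::srvsvc_s_NetSessionDel:return,
pid$target::srvsvc_s_NetServerGetInfo:return,
pid$target::srvsvc_s_NetRemoteTOD:return,
pid$target::srvsvc_s_NetNameValidate:return,
pid$target::srvsvc_s_NetShareAdd:return,
pid$target::srvsvc_s_NetShareDel:return,
pid$target::srvsvc_s_NetShareEnum:return,
pid$target::srvsvc_s_NetShareEnumSticky:return,
pid$target::srvsvc_s_NetGetFileSecurity:return,
pid$target::srvsvc_s_NetSetFileSecurity:return
{
}

/*
 * WinReg
 */
pid$target::winreg_s_*:entry,
pid$target::winreg_s_*:return
{
}

/*
 * Workstation
 */
pid$target::wkssvc_s_*:entry,
pid$target::wkssvc_s_*:return
{
}

/*
 * SMBRDR
 */
pid$target::smbrdr_*:entry,
pid$target::smbrdr_*:return
{
}

/*
 * The three (tree connect) and four (open pipe) leading arguments are
 * copied in from smbd's address space and printed as strings.  What
 * each one holds is not visible in this file.
 */
pid$target::mlsvc_tree_connect:entry
{
	printf("%s %s %s",
	    copyinstr(arg0),
	    copyinstr(arg1),
	    copyinstr(arg2));
}

pid$target::mlsvc_open_pipe:entry
{
	printf("%s %s %s %s",
	    copyinstr(arg0),
	    copyinstr(arg1),
	    copyinstr(arg2),
	    copyinstr(arg3));
}

pid$target::mlsvc_close_pipe:entry
{
}

/*
 * Return value of the mlsvc calls (arg1 on a return probe).
 */
pid$target::mlsvc_tree_connect:return,
pid$target::mlsvc_open_pipe:return,
pid$target::mlsvc_close_pipe:return
{
	printf("%d", arg1);
}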