#!/usr/sbin/dtrace -s
/*
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source.  A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 */

/*
 * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
 */

/*
 * User-level dtrace for the smbd authentication service
 * Usage: dtrace -s smbd-authsvc.d -p `pgrep smbd`
 *
 * The pid provider probes below instrument the running smbd process, so
 * the caller needs DTrace privileges sufficient to attach to it.  The
 * output is a call-flow listing with raw argument and return values,
 * printed as hex integers and never dereferenced by this script.  Those
 * values include addresses from smbd's address space, so treat captured
 * traces as sensitive diagnostic data.
 */

/* Indent the output by call depth so entry/return pairs line up. */
#pragma D option flowindent

/*
 * Thread-local state (each traced thread has its own copy):
 *   trace - nesting count of smbd_authsvc_work(); printing is enabled
 *           while it is > 0
 *   mask  - nesting count of the masked functions; printing is
 *           suppressed while it is != 0
 */
self int trace;
self int mask;

/*
 * smbd_authsvc_work() executes all the actions associated with a single
 * session setup conversation (which usually spans multiple SMB
 * requests), so it is a good root for watching authentication.
 * Entering it turns tracing on for the current thread.
 *
 * This clause is placed ahead of the generic entry clause so that the
 * entry into smbd_authsvc_work() itself is printed.
 */
pid$target:*smbd:smbd_authsvc_work:entry
{
	self->trace += 1;
}

/*
 * If traced and not masked, print entry/return.  This is the entry half.
 *
 * arg0..arg5 are printed as raw hex integers for every function,
 * whatever its real parameter count; for a function taking fewer than
 * six arguments the extra columns are leftover values, not parameters.
 * Nothing is dereferenced here, so the contents of buffers passed by
 * pointer are not copied into the trace, only their addresses.
 */
pid$target:*smbd::entry,
pid$target:libmlsvc.so.1::entry,
pid$target:libmlrpc.so.2::entry,
pid$target:libsmbns.so.1::entry,
pid$target:libsmb.so.1::entry,
pid$target:libsmbfs.so.1::entry
/self->trace > 0 && self->mask == 0/
{
	printf("\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x",
	    arg0, arg1, arg2, arg3, arg4, arg5);
}

/*
 * Mask (don't print) all function calls below these functions.
 * These make many boring, repetitive function calls like
 * smb_mbtowc, smb_msgbuf_has_space, ...
 *
 * Also, libmlrpc has rather deep call stacks, particularly under
 * ndr_encode_decode_common(), so this stops traces below there.
 * Remove that from the mask actions to see the details.
 *
 * This clause has no predicate, so the count is maintained whether or
 * not tracing is currently on.  It follows the generic entry clause,
 * so the call into a masked function is itself still printed; only
 * the calls made beneath it are hidden.
 */
pid$target::ndr_encode_decode_common:entry,
pid$target::smb_msgbuf_decode:entry,
pid$target::smb_msgbuf_encode:entry,
pid$target::smb_strlwr:entry,
pid$target::smb_strupr:entry,
pid$target::smb_wcequiv_strlen:entry
{
	self->mask += 1;
}

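/*
 * Now inverses of above, unwind order.
 *
 * This clause comes before the generic return clause, so the mask is
 * already lifted when the masked function's own return is printed.
 *
 * The predicate keeps the count from going negative when a return
 * fires without a matching entry (for example, dtrace attached while
 * the thread was already inside one of these functions).  A negative
 * count would invert the mask for that thread: output suppressed
 * outside the masked functions and shown inside them.
 */
pid$target::ndr_encode_decode_common:return,
pid$target::smb_msgbuf_decode:return,
pid$target::smb_msgbuf_encode:return,
pid$target::smb_strlwr:return,
pid$target::smb_strupr:return,
pid$target::smb_wcequiv_strlen:return
/self->mask > 0/
{
	self->mask--;
}
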
/*
 * If traced and not masked, print the return value.  For pid provider
 * return probes arg1 carries the function's return value (arg0 is the
 * offset of the returning instruction within the function).  The value
 * is printed as a raw hex integer and is never dereferenced.
 */
pid$target:*smbd::return,
pid$target:libmlsvc.so.1::return,
pid$target:libmlrpc.so.2::return,
pid$target:libsmbns.so.1::return,
pid$target:libsmb.so.1::return,
pid$target:libsmbfs.so.1::return
/self->trace > 0 && self->mask == 0/
{
	printf("\t0x%x", arg1);
}

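/*
 * Leaving smbd_authsvc_work() turns tracing off again for this thread.
 * This clause follows the generic return clause so that the function's
 * own return is still printed.
 *
 * The predicate keeps the count from dropping below zero when the
 * return fires without a traced entry (for example, dtrace attached
 * while the thread was already inside smbd_authsvc_work()).  With a
 * negative count, a later entry on the same thread would only bring it
 * back to zero and that conversation would go untraced.
 */
pid$target:*smbd:smbd_authsvc_work:return
/self->trace > 0/
{
	self->trace--;
}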