1 #!/usr/sbin/dtrace -s 2 /* 3 * This file and its contents are supplied under the terms of the 4 * Common Development and Distribution License ("CDDL"), version 1.0. 5 * You may only use this file in accordance with the terms of version 6 * 1.0 of the CDDL. 7 * 8 * A full copy of the text of the CDDL should have accompanied this 9 * source. A copy of the CDDL is also available via the Internet at 10 * http://www.illumos.org/license/CDDL. 11 */ 12 13 /* 14 * Copyright 2018 Nexenta Systems, Inc. All rights reserved. 15 */ 16 17 /* 18 * User-level dtrace for the smbd authentication service 19 * Usage: dtrace -s smbd-authsvc.d -p `pgrep smbd` 20 */ 21 22 #pragma D option flowindent 23 24 self int trace; 25 self int mask; 26 27 /* 28 * The smbd_authsvc_work() function is a good place to start tracing 29 * to watch authentication. This function executes all the actions 30 * associated with a single session setup conversation (even though 31 * that conversation will usually involve multiple SMB requests). 32 */ 33 pid$target:*smbd:smbd_authsvc_work:entry 34 { 35 self->trace++; 36 } 37 38 /* 39 * If traced and not masked, print entry/return 40 */ 41 pid$target:*smbd::entry, 42 pid$target:libmlsvc.so.1::entry, 43 pid$target:libmlrpc.so.2::entry, 44 pid$target:libsmbns.so.1::entry, 45 pid$target:libsmb.so.1::entry, 46 pid$target:libsmbfs.so.1::entry 47 /self->trace > 0 && self->mask == 0/ 48 { 49 printf("\t0x%x", arg0); 50 printf("\t0x%x", arg1); 51 printf("\t0x%x", arg2); 52 printf("\t0x%x", arg3); 53 printf("\t0x%x", arg4); 54 printf("\t0x%x", arg5); 55 } 56 57 /* 58 * Mask (don't print) all function calls below these functions. 59 * These make many boring, repetitive function calls like 60 * smb_mbtowc, smb_msgbuf_has_space, ... 61 * 62 * Also, libmlrpc has rather deep call stacks, particularly under 63 * ndr_encode_decode_common(), so this stops traces below there. 64 * Remove that from the mask actions to see the details. 65 */ 66 pid$target::ndr_encode_decode_common:entry, 67 pid$target::smb_msgbuf_decode:entry, 68 pid$target::smb_msgbuf_encode:entry, 69 pid$target::smb_strlwr:entry, 70 pid$target::smb_strupr:entry, 71 pid$target::smb_wcequiv_strlen:entry 72 { 73 self->mask++; 74 } 75 76 /* 77 * Now inverses of above, unwind order. 78 */ 79 80 pid$target::ndr_encode_decode_common:return, 81 pid$target::smb_msgbuf_decode:return, 82 pid$target::smb_msgbuf_encode:return, 83 pid$target::smb_strlwr:return, 84 pid$target::smb_strupr:return, 85 pid$target::smb_wcequiv_strlen:return 86 { 87 self->mask--; 88 } 89 90 pid$target:*smbd::return, 91 pid$target:libmlsvc.so.1::return, 92 pid$target:libmlrpc.so.2::return, 93 pid$target:libsmbns.so.1::return, 94 pid$target:libsmb.so.1::return, 95 pid$target:libsmbfs.so.1::return 96 /self->trace > 0 && self->mask == 0/ 97 { 98 printf("\t0x%x", arg1); 99 } 100 101 pid$target:*smbd:smbd_authsvc_work:return 102 { 103 self->trace--; 104 } 105