1 #!/usr/sbin/dtrace -s
   2 /*
   3  * This file and its contents are supplied under the terms of the
   4  * Common Development and Distribution License ("CDDL"), version 1.0.
   5  * You may only use this file in accordance with the terms of version
   6  * 1.0 of the CDDL.
   7  *
   8  * A full copy of the text of the CDDL should have accompanied this
   9  * source.  A copy of the CDDL is also available via the Internet at
  10  * http://www.illumos.org/license/CDDL.
  11  */
  12 
  13 /*
  14  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
  15  */
  16 
  17 /*
  18  * User-level dtrace for the smbd authentication service
  19  * Usage: dtrace -s smbd-authsvc.d -p `pgrep smbd`
  20  */
  21 
  22 #pragma D option flowindent
  23 
  24 self int trace;
  25 self int mask;
  26 
  27 /*
  28  * The smbd_authsvc_work() function is a good place to start tracing
  29  * to watch authentication.  This function executes all the actions
  30  * associated with a single session setup conversation (even though
  31  * that conversation will usually involve multiple SMB requests).
  32  */
  33 pid$target:*smbd:smbd_authsvc_work:entry
  34 {
  35         self->trace++;
  36 }
  37 
  38 /*
  39  * If traced and not masked, print entry/return
  40  */
  41 pid$target:*smbd::entry,
  42 pid$target:libmlsvc.so.1::entry,
  43 pid$target:libmlrpc.so.1::entry,
  44 pid$target:libsmbns.so.1::entry,
  45 pid$target:libsmb.so.1::entry,
  46 pid$target:libsmbfs.so.1::entry
  47 /self->trace > 0 && self->mask == 0/
  48 {
  49         printf("\t0x%x", arg0);
  50         printf("\t0x%x", arg1);
  51         printf("\t0x%x", arg2);
  52         printf("\t0x%x", arg3);
  53         printf("\t0x%x", arg4);
  54         printf("\t0x%x", arg5);
  55 }
  56 
  57 /*
  58  * Mask (don't print) all function calls below these functions.
  59  * These make many boring, repetitive function calls like
  60  * smb_mbtowc, smb_msgbuf_has_space, ...
  61  *
  62  * Also, libmlrpc has rather deep call stacks, particularly under
  63  * ndr_encode_decode_common(), so this stops traces below there.

  72 {
  73         self->mask++;
  74 }
  75 
  76 /*
  77  * Now inverses of above, unwind order.
  78  */
  79 
  80 pid$target::ndr_encode_decode_common:return,
  81 pid$target::smb_msgbuf_decode:return,
  82 pid$target::smb_msgbuf_encode:return,
  83 pid$target::smb_strlwr:return,
  84 pid$target::smb_strupr:return,
  85 pid$target::smb_wcequiv_strlen:return
  86 {
  87         self->mask--;
  88 }
  89 
  90 pid$target:*smbd::return,
  91 pid$target:libmlsvc.so.1::return,
  92 pid$target:libmlrpc.so.1::return,
  93 pid$target:libsmbns.so.1::return,
  94 pid$target:libsmb.so.1::return,
  95 pid$target:libsmbfs.so.1::return
  96 /self->trace > 0 && self->mask == 0/
  97 {
  98         printf("\t0x%x", arg1);
  99 }
 100 
 101 pid$target:*smbd:smbd_authsvc_work:return
 102 {
 103         self->trace--;
 104 }

   1 #!/usr/sbin/dtrace -s
   2 /*
   3  * This file and its contents are supplied under the terms of the
   4  * Common Development and Distribution License ("CDDL"), version 1.0.
   5  * You may only use this file in accordance with the terms of version
   6  * 1.0 of the CDDL.
   7  *
   8  * A full copy of the text of the CDDL should have accompanied this
   9  * source.  A copy of the CDDL is also available via the Internet at
  10  * http://www.illumos.org/license/CDDL.
  11  */
  12 
  13 /*
  14  * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  15  */
  16 
  17 /*
  18  * User-level dtrace for the smbd authentication service
  19  * Usage: dtrace -s smbd-authsvc.d -p `pgrep smbd`
  20  */
  21 
  22 #pragma D option flowindent
  23 
  24 self int trace;
  25 self int mask;
  26 
  27 /*
  28  * The smbd_authsvc_work() function is a good place to start tracing
  29  * to watch authentication.  This function executes all the actions
  30  * associated with a single session setup conversation (even though
  31  * that conversation will usually involve multiple SMB requests).
  32  */
  33 pid$target:*smbd:smbd_authsvc_work:entry
  34 {
  35         self->trace++;
  36 }
  37 
  38 /*
  39  * If traced and not masked, print entry/return
  40  */
  41 pid$target:*smbd::entry,
  42 pid$target:libmlsvc.so.1::entry,
  43 pid$target:libmlrpc.so.2::entry,
  44 pid$target:libsmbns.so.1::entry,
  45 pid$target:libsmb.so.1::entry,
  46 pid$target:libsmbfs.so.1::entry
  47 /self->trace > 0 && self->mask == 0/
  48 {
  49         printf("\t0x%x", arg0);
  50         printf("\t0x%x", arg1);
  51         printf("\t0x%x", arg2);
  52         printf("\t0x%x", arg3);
  53         printf("\t0x%x", arg4);
  54         printf("\t0x%x", arg5);
  55 }
  56 
  57 /*
  58  * Mask (don't print) all function calls below these functions.
  59  * These make many boring, repetitive function calls like
  60  * smb_mbtowc, smb_msgbuf_has_space, ...
  61  *
  62  * Also, libmlrpc has rather deep call stacks, particularly under
  63  * ndr_encode_decode_common(), so this stops traces below there.

  72 {
  73         self->mask++;
  74 }
  75 
  76 /*
  77  * Now inverses of above, unwind order.
  78  */
  79 
  80 pid$target::ndr_encode_decode_common:return,
  81 pid$target::smb_msgbuf_decode:return,
  82 pid$target::smb_msgbuf_encode:return,
  83 pid$target::smb_strlwr:return,
  84 pid$target::smb_strupr:return,
  85 pid$target::smb_wcequiv_strlen:return
  86 {
  87         self->mask--;
  88 }
  89 
  90 pid$target:*smbd::return,
  91 pid$target:libmlsvc.so.1::return,
  92 pid$target:libmlrpc.so.2::return,
  93 pid$target:libsmbns.so.1::return,
  94 pid$target:libsmb.so.1::return,
  95 pid$target:libsmbfs.so.1::return
  96 /self->trace > 0 && self->mask == 0/
  97 {
  98         printf("\t0x%x", arg1);
  99 }
 100 
 101 pid$target:*smbd:smbd_authsvc_work:return
 102 {
 103         self->trace--;
 104 }