[PATCH] Log client process name in winbindd
Andreas Schneider
asn at samba.org
Fri Nov 9 16:06:51 UTC 2018
On Friday, 9 November 2018 01:01:05 CET Jeremy Allison wrote:
> Yeah, OK. But I get nervous when I see
>
> snprintf(buf, len, XXXX...)
>
> calls with no checks. Maybe just make them
> into:
>
> (void)snprintf(buf, len, XXXX...)
>
> so it's explicit we're ignoring the return ?
I hope the attached patchset addresses your concerns.
Thanks,
Andreas
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
-------------- next part --------------
>From 6b8f42ad8518c8913619a77e11828f1751c878b1 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Fri, 2 Nov 2018 18:04:28 +0100
Subject: [PATCH 01/11] lib:replace: Add getprogname()
Signed-off-by: Andreas Schneider <asn at samba.org>
---
lib/replace/replace.c | 71 +++++++++++++++++++++++++++++++++++++++++++
lib/replace/replace.h | 5 +++
lib/replace/wscript | 1 +
3 files changed, 77 insertions(+)
diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index 113137c2992..e38df98ea3a 100644
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -978,3 +978,74 @@ int rep_memset_s(void *dest, size_t destsz, int ch, size_t count)
return 0;
}
#endif /* HAVE_MEMSET_S */
+
+#ifndef HAVE_GETPROGNAME
+# ifndef _GNU_SOURCE
+# define PROGNAME_SIZE 32
+static char rep_progname[PROGNAME_SIZE];
+# endif /* _GNU_SOURCE */
+
+const char *rep_getprogname(void)
+{
+#ifdef _GNU_SOURCE
+ return program_invocation_short_name;
+#else /* _GNU_SOURCE */
+ FILE *fp = NULL;
+ char cmdline[4096] = {0};
+ char *p = NULL;
+ pid_t pid;
+ size_t nread;
+ int len;
+
+ if (rep_progname[0] != '\0') {
+ return rep_progname;
+ }
+
+ len = snprintf(rep_progname, sizeof(rep_progname), "%s", "<unknown>");
+ if (len <= 0) {
+ return "<unknown>";
+ }
+
+ pid = getpid();
+ if (pid <= 1 || pid == (pid_t)-1) {
+ return rep_progname;
+ }
+
+ len = snprintf(cmdline,
+ sizeof(cmdline),
+ "/proc/%u/cmdline",
+ (unsigned int)pid);
+ if (len <= 0 || len == sizeof(cmdline)) {
+ return rep_progname;
+ }
+
+ fp = fopen(cmdline, "r");
+ if (fp == NULL) {
+ return rep_progname;
+ }
+
+ nread = fread(cmdline, 1, sizeof(cmdline) - 1, fp);
+ if (nread == 0) {
+ return rep_progname;
+ }
+
+ cmdline[nread] = '\0';
+
+ p = strrchr(cmdline, '/');
+ if (p != NULL) {
+ p++;
+ } else {
+ p = cmdline;
+ }
+
+ len = strlen(p);
+ if (len > PROGNAME_SIZE) {
+ p[PROGNAME_SIZE - 1] = '\0';
+ }
+
+ (void)snprintf(rep_progname, sizeof(rep_progname), "%s", p);
+
+ return rep_progname;
+#endif /* _GNU_SOURCE */
+}
+#endif /* HAVE_GETPROGNAME */
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index de4e20c4454..732a8226858 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -933,6 +933,11 @@ void rep_setproctitle_init(int argc, char *argv[], char *envp[]);
int rep_memset_s(void *dest, size_t destsz, int ch, size_t count);
#endif
+#ifndef HAVE_GETPROGNAME
+#define getprogname rep_getprogname
+const char *rep_getprogname(void);
+#endif
+
#ifndef FALL_THROUGH
# ifdef HAVE_FALLTHROUGH_ATTRIBUTE
# define FALL_THROUGH __attribute__ ((fallthrough))
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 8adfffe9584..c8693a3f2e1 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -426,6 +426,7 @@ def configure(conf):
conf.CHECK_FUNCS('getgrent_r getgrgid_r getgrnam_r getgrouplist getpagesize')
conf.CHECK_FUNCS('getpwent_r getpwnam_r getpwuid_r epoll_create')
conf.CHECK_FUNCS('port_create')
+ conf.CHECK_FUNCS('getprogname')
conf.SET_TARGET_TYPE('attr', 'EMPTY')
--
2.19.1
>From 63d94df019eaa68163f490cce42937b246481957 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Fri, 2 Nov 2018 18:39:26 +0100
Subject: [PATCH 02/11] wbclient: Send the client process name talking to
winbind
This is for better debugging messages.
Signed-off-by: Andreas Schneider <asn at samba.org>
---
nsswitch/wb_common.c | 23 +++++++++++++++++++++++
nsswitch/winbind_struct_protocol.h | 4 +++-
source3/torture/wbc_async.c | 4 ++++
3 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
index 59370aa5bbc..13c38f213ba 100644
--- a/nsswitch/wb_common.c
+++ b/nsswitch/wb_common.c
@@ -31,6 +31,8 @@
#include <pthread.h>
#endif
+static char client_name[32];
+
/* Global context */
struct winbindd_context {
@@ -75,6 +77,23 @@ void winbindd_free_response(struct winbindd_response *response)
SAFE_FREE(response->extra_data.data);
}
+static const char *winbind_get_client_name(void)
+{
+ if (client_name[0] == '\0') {
+ int len;
+
+ len = snprintf(client_name,
+ sizeof(client_name),
+ "%s",
+ getprogname());
+ if (len <= 0) {
+ return "<unkonwn>";
+ }
+ }
+
+ return client_name;
+}
+
/* Initialise a request structure */
static void winbindd_init_request(struct winbindd_request *request,
@@ -85,6 +104,10 @@ static void winbindd_init_request(struct winbindd_request *request,
request->cmd = (enum winbindd_cmd)request_type;
request->pid = getpid();
+ (void)snprintf(request->client_name,
+ sizeof(request->client_name),
+ "%s",
+ winbind_get_client_name());
}
/* Initialise a response structure */
diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h
index 3f3ebd0b66d..f184c957ab8 100644
--- a/nsswitch/winbind_struct_protocol.h
+++ b/nsswitch/winbind_struct_protocol.h
@@ -60,8 +60,9 @@ typedef char fstring[FSTRING_LEN];
* removed WINBINDD_UID_TO_SID
* 29: added "authoritative" to response.data.auth
* 30: added "validation_level" and "info6" to response.data.auth
+ * 31: added "client_name" to the request
*/
-#define WINBIND_INTERFACE_VERSION 30
+#define WINBIND_INTERFACE_VERSION 31
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
On a 64bit Linux box, we have to support a constant structure size
@@ -250,6 +251,7 @@ struct winbindd_request {
uint32_t wb_flags; /* generic flags */
uint32_t flags; /* flags relevant *only* to a given request */
fstring domain_name; /* name of domain for which the request applies */
+ char client_name[32]; /* The client process sending the request */
union {
fstring winsreq; /* WINS request */
diff --git a/source3/torture/wbc_async.c b/source3/torture/wbc_async.c
index a9020ddcda5..e45c01c50a0 100644
--- a/source3/torture/wbc_async.c
+++ b/source3/torture/wbc_async.c
@@ -402,6 +402,10 @@ static void wb_open_pipe_connect_nonpriv_done(struct tevent_req *subreq)
ZERO_STRUCT(state->wb_req);
state->wb_req.cmd = WINBINDD_INTERFACE_VERSION;
state->wb_req.pid = getpid();
+ (void)snprintf(state->wb_req.client_name,
+ sizeof(state->wb_req.client_name),
+ "%s",
+ "TORTURE");
subreq = wb_simple_trans_send(state, state->ev, NULL,
state->wb_ctx->fd, &state->wb_req);
--
2.19.1
>From 6c715f92cf85f9f057b5bf733005a64bbee5462c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Fri, 2 Nov 2018 18:45:26 +0100
Subject: [PATCH 03/11] s3:winbindd: Also log the process name in winbindd
Signed-off-by: Andreas Schneider <asn at samba.org>
---
source3/winbindd/winbindd.c | 19 ++++++++++++++-----
source3/winbindd/winbindd.h | 1 +
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 07a81329358..86c3cd95244 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -708,6 +708,9 @@ static struct tevent_req *process_request_send(
/* Remember who asked us. */
cli_state->pid = cli_state->request->pid;
+ memcpy(cli_state->client_name,
+ cli_state->request->client_name,
+ sizeof(cli_state->client_name));
cli_state->cmd_name = "unknown request";
cli_state->recv_fn = NULL;
@@ -734,8 +737,11 @@ static struct tevent_req *process_request_send(
cli_state->cmd_name = atable->cmd_name;
cli_state->recv_fn = atable->recv_req;
- DEBUG(10, ("process_request: Handling async request %d:%s\n",
- (int)cli_state->pid, cli_state->cmd_name));
+ DBG_DEBUG("process_request: "
+ "Handling async request %s(%d):%s\n",
+ cli_state->client_name,
+ (int)cli_state->pid,
+ cli_state->cmd_name);
subreq = atable->send_req(
state,
@@ -797,7 +803,8 @@ static void process_request_done(struct tevent_req *subreq)
status = cli_state->recv_fn(subreq, cli_state->response);
TALLOC_FREE(subreq);
- DBG_DEBUG("[%d:%s]: %s\n",
+ DBG_DEBUG("[%s(%d):%s]: %s\n",
+ cli_state->client_name,
(int)cli_state->pid,
cli_state->cmd_name,
nt_errstr(status));
@@ -841,8 +848,10 @@ static void process_request_written(struct tevent_req *subreq)
return;
}
- DBG_DEBUG("[%d:%s]: delivered response to client\n",
- (int)cli_state->pid, cli_state->cmd_name);
+ DBG_DEBUG("[%s(%d):%s]: delivered response to client\n",
+ cli_state->client_name,
+ (int)cli_state->pid,
+ cli_state->cmd_name);
TALLOC_FREE(cli_state->mem_ctx);
cli_state->response = NULL;
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index 6d4b92f27cf..7490d62a705 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -47,6 +47,7 @@ struct winbindd_cli_state {
struct winbindd_cli_state *prev, *next; /* Linked list pointers */
int sock; /* Open socket from client */
pid_t pid; /* pid of client */
+ char client_name[32]; /* The process name of the client */
time_t last_access; /* Time of last access (read or write) */
bool privileged; /* Is the client 'privileged' */
--
2.19.1
>From e797427e2525c0a814ec673107fd6fea583ea1cb Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Fri, 2 Nov 2018 18:56:29 +0100
Subject: [PATCH 04/11] s3:winbind: Log client process name
Signed-off-by: Andreas Schneider <asn at samba.org>
---
source3/winbindd/winbindd_getdcname.c | 6 ++++--
source3/winbindd/winbindd_getgrent.c | 4 +++-
source3/winbindd/winbindd_getgrgid.c | 5 ++++-
source3/winbindd/winbindd_getgrnam.c | 5 ++++-
source3/winbindd/winbindd_getgroups.c | 5 ++++-
source3/winbindd/winbindd_getpwent.c | 4 +++-
source3/winbindd/winbindd_getpwnam.c | 5 ++++-
source3/winbindd/winbindd_getpwsid.c | 5 ++++-
source3/winbindd/winbindd_getpwuid.c | 5 ++++-
source3/winbindd/winbindd_getsidaliases.c | 5 ++++-
source3/winbindd/winbindd_getuserdomgroups.c | 5 ++++-
source3/winbindd/winbindd_getusersids.c | 5 ++++-
12 files changed, 46 insertions(+), 13 deletions(-)
diff --git a/source3/winbindd/winbindd_getdcname.c b/source3/winbindd/winbindd_getdcname.c
index c8213ae4880..f6b62757527 100644
--- a/source3/winbindd/winbindd_getdcname.c
+++ b/source3/winbindd/winbindd_getdcname.c
@@ -43,8 +43,10 @@ struct tevent_req *winbindd_getdcname_send(TALLOC_CTX *mem_ctx,
request->domain_name[sizeof(request->domain_name)-1] = '\0';
- DEBUG(3, ("[%5lu]: getdcname for %s\n", (unsigned long)cli->pid,
- request->domain_name));
+ DBG_NOTICE("[%s (%u)] getdcname for %s\n",
+ cli->client_name,
+ (unsigned int)cli->pid,
+ request->domain_name);
subreq = wb_dsgetdcname_send(state, ev, request->domain_name, NULL,
NULL, 0);
diff --git a/source3/winbindd/winbindd_getgrent.c b/source3/winbindd/winbindd_getgrent.c
index 15a35f7044e..b78d1f5b465 100644
--- a/source3/winbindd/winbindd_getgrent.c
+++ b/source3/winbindd/winbindd_getgrent.c
@@ -48,7 +48,9 @@ struct tevent_req *winbindd_getgrent_send(TALLOC_CTX *mem_ctx,
state->num_groups = 0;
state->cli = cli;
- DEBUG(3, ("[%5lu]: getgrent\n", (unsigned long)cli->pid));
+ DBG_NOTICE("[%s (%u)] getgrent\n",
+ cli->client_name,
+ (unsigned int)cli->pid);
if (cli->grent_state == NULL) {
tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES);
diff --git a/source3/winbindd/winbindd_getgrgid.c b/source3/winbindd/winbindd_getgrgid.c
index 640ebfa4969..49a24dee7a4 100644
--- a/source3/winbindd/winbindd_getgrgid.c
+++ b/source3/winbindd/winbindd_getgrgid.c
@@ -49,7 +49,10 @@ struct tevent_req *winbindd_getgrgid_send(TALLOC_CTX *mem_ctx,
}
state->ev = ev;
- DEBUG(3, ("getgrgid %d\n", (int)request->data.gid));
+ DBG_NOTICE("[%s (%u)] getgrgid %d\n",
+ cli->client_name,
+ (unsigned int)cli->pid,
+ (int)request->data.gid);
state->xid = (struct unixid) {
.id = request->data.uid, .type = ID_TYPE_GID };
diff --git a/source3/winbindd/winbindd_getgrnam.c b/source3/winbindd/winbindd_getgrnam.c
index 37c205ddba4..db53848055a 100644
--- a/source3/winbindd/winbindd_getgrnam.c
+++ b/source3/winbindd/winbindd_getgrnam.c
@@ -54,7 +54,10 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
/* Ensure null termination */
request->data.groupname[sizeof(request->data.groupname)-1]='\0';
- DEBUG(3, ("getgrnam %s\n", request->data.groupname));
+ DBG_NOTICE("[%s (%u)] getgrnam %s\n",
+ cli->client_name,
+ (unsigned int)cli->pid,
+ request->data.groupname);
nt_status = normalize_name_unmap(state, request->data.groupname, &tmp);
/* If we didn't map anything in the above call, just reset the
diff --git a/source3/winbindd/winbindd_getgroups.c b/source3/winbindd/winbindd_getgroups.c
index f7f2df5f7b1..16c06395d70 100644
--- a/source3/winbindd/winbindd_getgroups.c
+++ b/source3/winbindd/winbindd_getgroups.c
@@ -59,7 +59,10 @@ struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx,
/* Ensure null termination */
request->data.username[sizeof(request->data.username)-1]='\0';
- DEBUG(3, ("getgroups %s\n", request->data.username));
+ DBG_NOTICE("[%s (%u)] getgroups %s\n",
+ cli->client_name,
+ (unsigned int)cli->pid,
+ request->data.username);
domuser = request->data.username;
diff --git a/source3/winbindd/winbindd_getpwent.c b/source3/winbindd/winbindd_getpwent.c
index 9e5190a3c60..030a013c160 100644
--- a/source3/winbindd/winbindd_getpwent.c
+++ b/source3/winbindd/winbindd_getpwent.c
@@ -47,7 +47,9 @@ struct tevent_req *winbindd_getpwent_send(TALLOC_CTX *mem_ctx,
state->num_users = 0;
state->cli = cli;
- DEBUG(3, ("[%5lu]: getpwent\n", (unsigned long)cli->pid));
+ DBG_NOTICE("[%s (%u)] getpwent\n",
+ cli->client_name,
+ (unsigned int)cli->pid);
if (cli->pwent_state == NULL) {
tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES);
diff --git a/source3/winbindd/winbindd_getpwnam.c b/source3/winbindd/winbindd_getpwnam.c
index 8da66c25141..63274cab5a0 100644
--- a/source3/winbindd/winbindd_getpwnam.c
+++ b/source3/winbindd/winbindd_getpwnam.c
@@ -55,7 +55,10 @@ struct tevent_req *winbindd_getpwnam_send(TALLOC_CTX *mem_ctx,
/* Ensure null termination */
request->data.username[sizeof(request->data.username)-1]='\0';
- DEBUG(3, ("getpwnam %s\n", request->data.username));
+ DBG_NOTICE("[%s (%u)] getpwnam %s\n",
+ cli->client_name,
+ (unsigned int)cli->pid,
+ request->data.username);
domuser = request->data.username;
diff --git a/source3/winbindd/winbindd_getpwsid.c b/source3/winbindd/winbindd_getpwsid.c
index 52481700756..f12d5296004 100644
--- a/source3/winbindd/winbindd_getpwsid.c
+++ b/source3/winbindd/winbindd_getpwsid.c
@@ -45,7 +45,10 @@ struct tevent_req *winbindd_getpwsid_send(TALLOC_CTX *mem_ctx,
/* Ensure null termination */
request->data.sid[sizeof(request->data.sid)-1]='\0';
- DEBUG(3, ("getpwsid %s\n", request->data.sid));
+ DBG_NOTICE("[%s (%u)] getpwsid %s\n",
+ cli->client_name,
+ (unsigned int)cli->pid,
+ request->data.sid);
if (!string_to_sid(&state->sid, request->data.sid)) {
DEBUG(1, ("Could not get convert sid %s from string\n",
diff --git a/source3/winbindd/winbindd_getpwuid.c b/source3/winbindd/winbindd_getpwuid.c
index d7a1f4de5e5..319f2f71ad9 100644
--- a/source3/winbindd/winbindd_getpwuid.c
+++ b/source3/winbindd/winbindd_getpwuid.c
@@ -46,7 +46,10 @@ struct tevent_req *winbindd_getpwuid_send(TALLOC_CTX *mem_ctx,
}
state->ev = ev;
- DEBUG(3, ("getpwuid %d\n", (int)request->data.uid));
+ DBG_NOTICE("[%s (%u)] getpwuid %d\n",
+ cli->client_name,
+ (unsigned int)cli->pid,
+ (int)request->data.uid);
state->xid = (struct unixid) {
.id = request->data.uid, .type = ID_TYPE_UID };
diff --git a/source3/winbindd/winbindd_getsidaliases.c b/source3/winbindd/winbindd_getsidaliases.c
index e40a51dbd6d..291e32f7996 100644
--- a/source3/winbindd/winbindd_getsidaliases.c
+++ b/source3/winbindd/winbindd_getsidaliases.c
@@ -49,7 +49,10 @@ struct tevent_req *winbindd_getsidaliases_send(TALLOC_CTX *mem_ctx,
/* Ensure null termination */
request->data.sid[sizeof(request->data.sid)-1]='\0';
- DEBUG(3, ("getsidaliases %s\n", request->data.sid));
+ DBG_NOTICE("[%s (%u)] getsidaliases %s\n",
+ cli->client_name,
+ (unsigned int)cli->pid,
+ request->data.sid);
if (!string_to_sid(&state->sid, request->data.sid)) {
DEBUG(1, ("Could not get convert sid %s from string\n",
diff --git a/source3/winbindd/winbindd_getuserdomgroups.c b/source3/winbindd/winbindd_getuserdomgroups.c
index 24ec1ddc019..df90a87c7a2 100644
--- a/source3/winbindd/winbindd_getuserdomgroups.c
+++ b/source3/winbindd/winbindd_getuserdomgroups.c
@@ -46,7 +46,10 @@ struct tevent_req *winbindd_getuserdomgroups_send(TALLOC_CTX *mem_ctx,
/* Ensure null termination */
request->data.sid[sizeof(request->data.sid)-1]='\0';
- DEBUG(3, ("getuserdomgroups %s\n", request->data.sid));
+ DBG_NOTICE("[%s (%u)] getuserdomgroups %s\n",
+ cli->client_name,
+ (unsigned int)cli->pid,
+ request->data.sid);
if (!string_to_sid(&state->sid, request->data.sid)) {
DEBUG(1, ("Could not get convert sid %s from string\n",
diff --git a/source3/winbindd/winbindd_getusersids.c b/source3/winbindd/winbindd_getusersids.c
index d6995c4390a..024bad2b9e5 100644
--- a/source3/winbindd/winbindd_getusersids.c
+++ b/source3/winbindd/winbindd_getusersids.c
@@ -46,7 +46,10 @@ struct tevent_req *winbindd_getusersids_send(TALLOC_CTX *mem_ctx,
/* Ensure null termination */
request->data.sid[sizeof(request->data.sid)-1]='\0';
- DEBUG(3, ("getusersids %s\n", request->data.sid));
+ DBG_NOTICE("[%s (%u)] getusersids %s\n",
+ cli->client_name,
+ (unsigned int)cli->pid,
+ request->data.sid);
if (!string_to_sid(&state->sid, request->data.sid)) {
DEBUG(1, ("Could not get convert sid %s from string\n",
--
2.19.1
>From ddd4c121301cfa35c32a66a74579495601d11a24 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Mon, 5 Nov 2018 11:55:46 +0100
Subject: [PATCH 05/11] s3:winbind: Log client process name in winbind_misc
Signed-off-by: Andreas Schneider <asn at samba.org>
---
source3/winbindd/winbindd_misc.c | 46 +++++++++++++++++++++-----------
1 file changed, 30 insertions(+), 16 deletions(-)
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index 99606ca4cf5..df817126447 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -212,8 +212,9 @@ bool winbindd_list_trusted_domains(struct winbindd_cli_state *state)
size_t i = 0;
bool ret = false;
- DEBUG(3, ("[%5lu]: list trusted domains\n",
- (unsigned long)state->pid));
+ DBG_NOTICE("[%s (%u)]: list trusted domains\n",
+ state->client_name,
+ (unsigned int)state->pid);
if( !wcache_tdc_fetch_list( &dom_list, &num_domains )) {
goto done;
@@ -284,8 +285,9 @@ enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *
bool have_own_domain = False;
struct netr_DomainTrustList trusts;
- DEBUG(3, ("[%5lu]: list trusted domains\n",
- (unsigned long)state->pid));
+ DBG_NOTICE("[%s %u]: list trusted domains\n",
+ state->client_name,
+ (unsigned int)state->pid);
result = wb_cache_trusted_domains(domain, state->mem_ctx, &trusts);
@@ -353,8 +355,10 @@ bool winbindd_dc_info(struct winbindd_cli_state *cli)
cli->request->domain_name[sizeof(cli->request->domain_name)-1] = '\0';
- DEBUG(3, ("[%5lu]: domain_info [%s]\n", (unsigned long)cli->pid,
- cli->request->domain_name));
+ DBG_NOTICE("[%s (%u)]: domain_info [%s]\n",
+ cli->client_name,
+ (unsigned int)cli->pid,
+ cli->request->domain_name);
if (cli->request->domain_name[0] != '\0') {
domain = find_trust_from_name_noinit(
@@ -395,7 +399,9 @@ bool winbindd_dc_info(struct winbindd_cli_state *cli)
bool winbindd_ping(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5lu]: ping\n", (unsigned long)state->pid));
+ DBG_NOTICE("[%s (%u)]: ping\n",
+ state->client_name,
+ (unsigned int)state->pid);
return true;
}
@@ -404,7 +410,9 @@ bool winbindd_ping(struct winbindd_cli_state *state)
bool winbindd_info(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5lu]: request misc info\n", (unsigned long)state->pid));
+ DBG_NOTICE("[%s (%u)]: request misc info\n",
+ state->client_name,
+ (unsigned int)state->pid);
state->response->data.info.winbind_separator = *lp_winbind_separator();
fstrcpy(state->response->data.info.samba_version, samba_version_string());
@@ -415,8 +423,10 @@ bool winbindd_info(struct winbindd_cli_state *state)
bool winbindd_interface_version(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5lu]: request interface version (version = %d)\n",
- (unsigned long)state->pid, WINBIND_INTERFACE_VERSION));
+ DBG_NOTICE("[%s (%u)]: request interface version (version = %d)\n",
+ state->client_name,
+ (unsigned int)state->pid,
+ WINBIND_INTERFACE_VERSION);
state->response->data.interface_version = WINBIND_INTERFACE_VERSION;
return true;
@@ -426,7 +436,9 @@ bool winbindd_interface_version(struct winbindd_cli_state *state)
bool winbindd_domain_name(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5lu]: request domain name\n", (unsigned long)state->pid));
+ DBG_NOTICE("[%s (%u)]: request domain name\n",
+ state->client_name,
+ (unsigned int)state->pid);
fstrcpy(state->response->data.domain_name, lp_workgroup());
return true;
@@ -436,8 +448,9 @@ bool winbindd_domain_name(struct winbindd_cli_state *state)
bool winbindd_netbios_name(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5lu]: request netbios name\n",
- (unsigned long)state->pid));
+ DBG_NOTICE("[%s (%u)]: request netbios name\n",
+ state->client_name,
+ (unsigned int)state->pid);
fstrcpy(state->response->data.netbios_name, lp_netbios_name());
return true;
@@ -448,8 +461,10 @@ bool winbindd_netbios_name(struct winbindd_cli_state *state)
bool winbindd_priv_pipe_dir(struct winbindd_cli_state *state)
{
char *priv_dir;
- DEBUG(3, ("[%5lu]: request location of privileged pipe\n",
- (unsigned long)state->pid));
+
+ DBG_NOTICE("[%s (%u)]: request location of privileged pipe\n",
+ state->client_name,
+ (unsigned int)state->pid);
priv_dir = get_winbind_priv_pipe_dir();
state->response->extra_data.data = talloc_move(state->mem_ctx,
@@ -461,4 +476,3 @@ bool winbindd_priv_pipe_dir(struct winbindd_cli_state *state)
return true;
}
-
--
2.19.1
>From 6e28a7b5ed7d539e152c4abca16e60043e90adfd Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Mon, 5 Nov 2018 11:56:21 +0100
Subject: [PATCH 06/11] s3:winbind: Log client process name for PAM auth
Signed-off-by: Andreas Schneider <asn at samba.org>
---
source3/winbindd/winbindd_pam_auth.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/source3/winbindd/winbindd_pam_auth.c b/source3/winbindd/winbindd_pam_auth.c
index f91879e1c17..e3c18f9525c 100644
--- a/source3/winbindd/winbindd_pam_auth.c
+++ b/source3/winbindd/winbindd_pam_auth.c
@@ -52,8 +52,10 @@ struct tevent_req *winbindd_pam_auth_send(TALLOC_CTX *mem_ctx,
request->data.auth.user[sizeof(request->data.auth.user)-1] = '\0';
request->data.auth.pass[sizeof(request->data.auth.pass)-1] = '\0';
- DEBUG(3, ("[%5lu]: pam auth %s\n", (unsigned long)cli->pid,
- request->data.auth.user));
+ DBG_NOTICE("[%s (%u)]: pam auth %s\n",
+ cli->client_name,
+ (unsigned int)cli->pid,
+ request->data.auth.user);
if (!check_request_flags(request->flags)) {
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
--
2.19.1
>From 48f4e4bd473769469556a6705b5d775dcff6f738 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Fri, 2 Nov 2018 18:57:05 +0100
Subject: [PATCH 07/11] wbclient: Add wbcSetClientProcessName()
Signed-off-by: Andreas Schneider <asn at samba.org>
---
nsswitch/libwbclient/wbc_util.c | 5 +++++
nsswitch/libwbclient/wbclient.h | 13 +++++++++++++
nsswitch/wb_common.c | 9 +++++++++
nsswitch/winbind_client.h | 2 ++
4 files changed, 29 insertions(+)
diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c
index fc6a840cc71..476ed50fa44 100644
--- a/nsswitch/libwbclient/wbc_util.c
+++ b/nsswitch/libwbclient/wbc_util.c
@@ -894,3 +894,8 @@ done:
wbcFreeMemory(blobs);
return wbc_status;
}
+
+void wbcSetClientProcessName(const char *name)
+{
+ winbind_set_client_name(name);
+}
diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h
index 81a6a6a069b..341a733dd6c 100644
--- a/nsswitch/libwbclient/wbclient.h
+++ b/nsswitch/libwbclient/wbclient.h
@@ -2051,4 +2051,17 @@ wbcErr wbcAddNamedBlob(size_t *num_blobs,
uint8_t *data,
size_t length);
+/**
+ * @brief Set the name of the process which call wbclient.
+ *
+ * By default wbclient will figure out the process name. This should just be
+ * used in special cases like pam modules or similar. Only alpha numeric
+ * chars in ASCII are allowed.
+ *
+ * This function should only be called once!
+ *
+ * @param[in] name The process name to set.
+ */
+void wbcSetClientProcessName(const char *name);
+
#endif /* _WBCLIENT_H */
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
index 13c38f213ba..6eea32c7e2a 100644
--- a/nsswitch/wb_common.c
+++ b/nsswitch/wb_common.c
@@ -77,6 +77,15 @@ void winbindd_free_response(struct winbindd_response *response)
SAFE_FREE(response->extra_data.data);
}
+void winbind_set_client_name(const char *name)
+{
+ if (name == NULL || strlen(name) == 0) {
+ return;
+ }
+
+ (void)snprintf(client_name, sizeof(client_name), "%s", name);
+}
+
static const char *winbind_get_client_name(void)
{
if (client_name[0] == '\0') {
diff --git a/nsswitch/winbind_client.h b/nsswitch/winbind_client.h
index fd39ea39b4e..c0ee6c9391a 100644
--- a/nsswitch/winbind_client.h
+++ b/nsswitch/winbind_client.h
@@ -44,6 +44,8 @@ NSS_STATUS winbindd_priv_request_response(struct winbindd_context *ctx,
struct winbindd_request *request,
struct winbindd_response *response);
+void winbind_set_client_name(const char *name);
+
#define winbind_env_set() \
(strcmp(getenv(WINBINDD_DONT_ENV)?getenv(WINBINDD_DONT_ENV):"0","1") == 0)
--
2.19.1
>From 2a8ad3aa222452806541878c5b456884ee870f6d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Mon, 5 Nov 2018 08:11:27 +0100
Subject: [PATCH 08/11] krb5_plugin: Set the wbclient process name
Signed-off-by: Andreas Schneider <asn at samba.org>
---
nsswitch/krb5_plugin/winbind_krb5_localauth.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/nsswitch/krb5_plugin/winbind_krb5_localauth.c b/nsswitch/krb5_plugin/winbind_krb5_localauth.c
index b412575e4fe..e27bd6c6c54 100644
--- a/nsswitch/krb5_plugin/winbind_krb5_localauth.c
+++ b/nsswitch/krb5_plugin/winbind_krb5_localauth.c
@@ -52,6 +52,8 @@ static krb5_error_code winbind_init(krb5_context context,
return ENOMEM;
}
+ wbcSetClientProcessName("krb5_localauth_plugin");
+
*data = d;
return 0;
--
2.19.1
>From c68b6beb32592745ec855495be045c8dcf8e5065 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Mon, 5 Nov 2018 08:14:48 +0100
Subject: [PATCH 09/11] nss_winbind: Set the client process name
Signed-off-by: Andreas Schneider <asn at samba.org>
---
nsswitch/winbind_nss_linux.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/nsswitch/winbind_nss_linux.c b/nsswitch/winbind_nss_linux.c
index 442c06e612f..c7443e505bf 100644
--- a/nsswitch/winbind_nss_linux.c
+++ b/nsswitch/winbind_nss_linux.c
@@ -378,6 +378,7 @@ _nss_winbind_setpwent(void)
winbindd_free_response(&getpwent_response);
}
+ winbind_set_client_name("nss_winbind");
ret = winbindd_request_response(NULL, WINBINDD_SETPWENT, NULL, NULL);
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: setpwent returns %s (%d)\n", getpid(),
@@ -409,6 +410,7 @@ _nss_winbind_endpwent(void)
winbindd_free_response(&getpwent_response);
}
+ winbind_set_client_name("nss_winbind");
ret = winbindd_request_response(NULL, WINBINDD_ENDPWENT, NULL, NULL);
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: endpwent returns %s (%d)\n", getpid(),
@@ -458,6 +460,7 @@ _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
request.data.num_entries = MAX_GETPWENT_USERS;
+ winbind_set_client_name("nss_winbind");
ret = winbindd_request_response(NULL, WINBINDD_GETPWENT, &request,
&getpwent_response);
@@ -546,6 +549,7 @@ _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
request.data.uid = uid;
+ winbind_set_client_name("nss_winbind");
ret = winbindd_request_response(NULL, WINBINDD_GETPWUID, &request, &response);
if (ret == NSS_STATUS_SUCCESS) {
@@ -622,6 +626,7 @@ _nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
request.data.username
[sizeof(request.data.username) - 1] = '\0';
+ winbind_set_client_name("nss_winbind");
ret = winbindd_request_response(NULL, WINBINDD_GETPWNAM, &request, &response);
if (ret == NSS_STATUS_SUCCESS) {
@@ -693,6 +698,7 @@ _nss_winbind_setgrent(void)
winbindd_free_response(&getgrent_response);
}
+ winbind_set_client_name("nss_winbind");
ret = winbindd_request_response(NULL, WINBINDD_SETGRENT, NULL, NULL);
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: setgrent returns %s (%d)\n", getpid(),
@@ -725,6 +731,7 @@ _nss_winbind_endgrent(void)
winbindd_free_response(&getgrent_response);
}
+ winbind_set_client_name("nss_winbind");
ret = winbindd_request_response(NULL, WINBINDD_ENDGRENT, NULL, NULL);
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: endgrent returns %s (%d)\n", getpid(),
@@ -776,6 +783,7 @@ winbind_getgrent(enum winbindd_cmd cmd,
request.data.num_entries = MAX_GETGRENT_USERS;
+ winbind_set_client_name("nss_winbind");
ret = winbindd_request_response(NULL, cmd, &request,
&getgrent_response);
@@ -895,6 +903,7 @@ _nss_winbind_getgrnam_r(const char *name,
request.data.groupname
[sizeof(request.data.groupname) - 1] = '\0';
+ winbind_set_client_name("nss_winbind");
ret = winbindd_request_response(NULL, WINBINDD_GETGRNAM,
&request, &response);
@@ -974,6 +983,7 @@ _nss_winbind_getgrgid_r(gid_t gid,
request.data.gid = gid;
+ winbind_set_client_name("nss_winbind");
ret = winbindd_request_response(NULL, WINBINDD_GETGRGID,
&request, &response);
@@ -1048,6 +1058,7 @@ _nss_winbind_initgroups_dyn(const char *user, gid_t group, long int *start,
strncpy(request.data.username, user,
sizeof(request.data.username) - 1);
+ winbind_set_client_name("nss_winbind");
ret = winbindd_request_response(NULL, WINBINDD_GETGROUPS,
&request, &response);
--
2.19.1
>From 3c387f69f67ac742a93a04a2fdd5bbf72716a598 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Mon, 5 Nov 2018 08:16:23 +0100
Subject: [PATCH 10/11] nss_wins: Set client process name
Signed-off-by: Andreas Schneider <asn at samba.org>
---
nsswitch/wins.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/nsswitch/wins.c b/nsswitch/wins.c
index 72055f099b6..ddbbb03d844 100644
--- a/nsswitch/wins.c
+++ b/nsswitch/wins.c
@@ -69,6 +69,7 @@ static char *lookup_byname_backend(const char *name)
return NULL;
}
+ wbcSetClientProcessName("nss_wins");
result = wbcResolveWinsByName(name, &ip);
if (result != WBC_ERR_SUCCESS) {
return NULL;
@@ -89,6 +90,7 @@ static char *lookup_byaddr_backend(const char *ip)
wbcErr result;
char *name = NULL;
+ wbcSetClientProcessName("nss_wins");
result = wbcResolveWinsByIP(ip, &name);
if (result != WBC_ERR_SUCCESS) {
return NULL;
--
2.19.1
>From 38bca00441347b7eafb325f6d2035a917dedb405 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Fri, 2 Nov 2018 18:58:25 +0100
Subject: [PATCH 11/11] pam_winbind: Set the request type as client name
Signed-off-by: Andreas Schneider <asn at samba.org>
---
nsswitch/pam_winbind.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 1a58ba49c48..757fdae6e3c 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -564,6 +564,8 @@ static int _pam_winbind_init_context(pam_handle_t *pamh,
struct pwb_context **ctx_p)
{
struct pwb_context *r = NULL;
+ const char *service = NULL;
+ char service_name[32] = {0};
int ctrl_code;
#ifdef HAVE_GETTEXT
@@ -594,6 +596,12 @@ static int _pam_winbind_init_context(pam_handle_t *pamh,
return PAM_SYSTEM_ERR;
}
+ pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
+
+ snprintf(service_name, sizeof(service_name), "PAM_WINBIND[%s]", service);
+
+ wbcSetClientProcessName(service_name);
+
*ctx_p = r;
return PAM_SUCCESS;
--
2.19.1
More information about the samba-technical
mailing list