[PATCH] Log client process name in winbindd
Andrew Bartlett
abartlet at samba.org
Mon Nov 5 08:00:05 UTC 2018
On Mon, 2018-11-05 at 08:53 +0100, Andreas Schneider via samba-
technical wrote:
> Hello,
>
> attached is patchset which will log the name of the client process connecting
> to winbindd to request information. It will look like this:
>
> winbindd_getpwnam_send: [nss_winbind (18130)] getpwnam SAMBA-TEST/nobody
>
> or
>
> winbindd_getuserdomgroups_send: [smbtorture (18506)] getuserdomgroups
> S-1-5-21-757409344-3469499077-298407722-1000
>
> By default it will get the process name. I think for pam_winbind or
> nss_winbind we are not interested in the process name as the process doesn't
> implement samba code so I changed the name e.g. to nss_winbind.
>
>
> Please review and comment. Push if OK.
Shouldn't pam_winbind be using the pam service name if you don't want
to be looking for the actual process name?
Also, please sanitize the input here to avoid logfile injection attacks
(a broader issue) and other strange things regardless.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list