Improve NLA auth token debugging

This commit is contained in:
Armin Novak 2020-08-10 16:56:27 +02:00
parent a9d9908bde
commit 10ed4ec422

View File

@ -144,8 +144,8 @@ struct rdp_nla
SecPkgContext_Sizes ContextSizes;
};
static BOOL nla_send(rdpNla* nla);
static int nla_recv(rdpNla* nla);
static BOOL nla_send(rdpNla* nla, const char* msg);
static int nla_recv(rdpNla* nla, const char* msg);
static void nla_buffer_print(rdpNla* nla);
static void nla_buffer_free(rdpNla* nla);
static SECURITY_STATUS nla_encrypt_public_key_echo(rdpNla* nla);
@ -520,12 +520,8 @@ int nla_client_begin(rdpNla* nla)
nla->negoToken.pvBuffer = nla->outputBuffer.pvBuffer;
nla->negoToken.cbBuffer = nla->outputBuffer.cbBuffer;
WLog_DBG(TAG, "Sending Authentication Token");
#if defined(WITH_DEBUG_NLA)
winpr_HexDump(TAG, WLOG_DEBUG, nla->negoToken.pvBuffer, nla->negoToken.cbBuffer);
#endif
if (!nla_send(nla))
if (!nla_send(nla, "Client: Sending Authentication Token"))
{
nla_buffer_free(nla);
return -1;
@ -613,12 +609,8 @@ static int nla_client_recv(rdpNla* nla)
nla->negoToken.pvBuffer = nla->outputBuffer.pvBuffer;
nla->negoToken.cbBuffer = nla->outputBuffer.cbBuffer;
WLog_DBG(TAG, "Sending Authentication Token");
#if defined(WITH_DEBUG_NLA)
winpr_HexDump(TAG, WLOG_DEBUG, nla->negoToken.pvBuffer, nla->negoToken.cbBuffer);
#endif
if (!nla_send(nla))
if (!nla_send(nla, "Client: Sending Authentication Token"))
{
nla_buffer_free(nla);
return -1;
@ -658,7 +650,7 @@ static int nla_client_recv(rdpNla* nla)
return -1;
}
if (!nla_send(nla))
if (!nla_send(nla, "Client: Sending PubKeyAuth Token"))
{
nla_buffer_free(nla);
return -1;
@ -848,11 +840,9 @@ static int nla_server_authenticate(rdpNla* nla)
nla->inputBufferDesc.pBuffers = &nla->inputBuffer;
nla->inputBuffer.BufferType = SECBUFFER_TOKEN;
if (nla_recv(nla) < 0)
if (nla_recv(nla, "Receiving Authentication Token") < 0)
return -1;
WLog_DBG(TAG, "Receiving Authentication Token");
nla_buffer_print(nla);
nla->inputBuffer.pvBuffer = nla->negoToken.pvBuffer;
nla->inputBuffer.cbBuffer = nla->negoToken.cbBuffer;
@ -935,17 +925,14 @@ static int nla_server_authenticate(rdpNla* nla)
{
if (nla->outputBuffer.cbBuffer != 0)
{
if (!nla_send(nla))
if (!nla_send(nla, "Server: Sending response"))
{
nla_buffer_free(nla);
return -1;
}
if (nla_recv(nla) < 0)
if (nla_recv(nla, "Receiving pubkey Token") < 0)
return -1;
WLog_DBG(TAG, "Receiving pubkey Token");
nla_buffer_print(nla);
}
nla->havePubKeyAuth = TRUE;
@ -1012,15 +999,12 @@ static int nla_server_authenticate(rdpNla* nla)
WLog_ERR(TAG, "AcceptSecurityContext status %s [0x%08" PRIX32 "]",
GetSecurityStatusString(nla->status), nla->status);
nla_send(nla);
nla_send(nla, "Server: Sending AcceptSecurityContext error status");
return -1; /* Access Denied */
}
/* send authentication token */
WLog_DBG(TAG, "Sending Authentication Token");
nla_buffer_print(nla);
if (!nla_send(nla))
if (!nla_send(nla, "Server: Sending Authentication Token"))
{
nla_buffer_free(nla);
return -1;
@ -1036,7 +1020,7 @@ static int nla_server_authenticate(rdpNla* nla)
/* Receive encrypted credentials */
if (nla_recv(nla) < 0)
if (nla_recv(nla, "Receive Encryption Credentials") < 0)
return -1;
nla->status = nla_decrypt_ts_credentials(nla);
@ -1916,7 +1900,7 @@ static size_t nla_sizeof_ts_request(size_t length)
* @param credssp
*/
BOOL nla_send(rdpNla* nla)
BOOL nla_send(rdpNla* nla, const char* msg)
{
BOOL rc = TRUE;
wStream* s;
@ -1928,6 +1912,9 @@ BOOL nla_send(rdpNla* nla)
size_t error_code_context_length = 0;
size_t error_code_length = 0;
size_t client_nonce_length = 0;
WLog_DBG(TAG, "%s", msg);
nla_buffer_print(nla);
nego_tokens_length =
(nla->negoToken.cbBuffer > 0) ? nla_sizeof_nego_tokens(nla->negoToken.cbBuffer) : 0;
pub_key_auth_length =
@ -2208,7 +2195,7 @@ int nla_recv_pdu(rdpNla* nla, wStream* s)
return 1;
}
int nla_recv(rdpNla* nla)
int nla_recv(rdpNla* nla, const char* msg)
{
wStream* s;
int status;
@ -2216,7 +2203,7 @@ int nla_recv(rdpNla* nla)
if (!s)
{
WLog_ERR(TAG, "Stream_New failed!");
WLog_ERR(TAG, "[%s] Stream_New failed!", __FUNCTION__);
return -1;
}
@ -2224,18 +2211,21 @@ int nla_recv(rdpNla* nla)
if (status < 0)
{
WLog_ERR(TAG, "nla_recv() error: %d", status);
WLog_ERR(TAG, "[%s] error: %d", __FUNCTION__, status);
Stream_Free(s, TRUE);
return -1;
}
if (nla_decode_ts_request(nla, s) < 1)
{
WLog_ERR(TAG, "[%s] Invalid data received, aborting", __FUNCTION__);
Stream_Free(s, TRUE);
return -1;
}
Stream_Free(s, TRUE);
WLog_DBG(TAG, "[%s] %s", __FUNCTION__, msg);
nla_buffer_print(nla);
return 1;
}