More SSPI logging.

libfreerdp/core/gateway/ntlm.c

@@ -54,7 +54,8 @@ BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, char* user, char* domain, char*
 
 	if (status != SEC_E_OK)
 	{
-		WLog_ERR(TAG, "QuerySecurityPackageInfo status: 0x%08X", status);
+		WLog_ERR(TAG, "QuerySecurityPackageInfo status %s [%08X]",
+			 GetSecurityStatusString(status), status);
 		return FALSE;
 	}
 
@@ -66,7 +67,8 @@ BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, char* user, char* domain, char*
 
 	if (status != SEC_E_OK)
 	{
-		WLog_ERR(TAG, "AcquireCredentialsHandle status: 0x%08X", status);
+		WLog_ERR(TAG, "AcquireCredentialsHandle status %s [%08X]",
+			 GetSecurityStatusString(status), status);
 		return FALSE;
 	}
 
@@ -230,14 +232,26 @@ BOOL ntlm_authenticate(rdpNtlm* ntlm)
 							0, &ntlm->context, &ntlm->outputBufferDesc,
 							&ntlm->pfContextAttr, &ntlm->expiration);
 
+	WLog_VRB(TAG, "InitializeSecurityContext status %s [%08X]",
+		 GetSecurityStatusString(status), status);
 	if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED) || (status == SEC_E_OK))
 	{
 		if (ntlm->table->CompleteAuthToken)
-			ntlm->table->CompleteAuthToken(&ntlm->context, &ntlm->outputBufferDesc);
-
-		if (ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes) != SEC_E_OK)
 		{
-			WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure");
+			SECURITY_STATUS cStatus;
+			cStatus = ntlm->table->CompleteAuthToken(&ntlm->context, &ntlm->outputBufferDesc);
+			if (cStatus != SEC_E_OK)
+			{
+				WLog_WARN(TAG, "CompleteAuthToken status  %s [%08X]",
+					  GetSecurityStatusString(cStatus), cStatus);
+			}
+		}
+
+		status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes);
+		if (status != SEC_E_OK)
+		{
+			WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure %s [%08X]",
+				 GetSecurityStatusString(status), status);
 			return FALSE;
 		}
 
@@ -275,9 +289,26 @@ void ntlm_client_uninit(rdpNtlm* ntlm)
 
 	if (ntlm->table)
 	{
-		ntlm->table->FreeCredentialsHandle(&ntlm->credentials);
+		SECURITY_STATUS status;
-		ntlm->table->FreeContextBuffer(ntlm->pPackageInfo);
+
-		ntlm->table->DeleteSecurityContext(&ntlm->context);
+		status = ntlm->table->FreeCredentialsHandle(&ntlm->credentials);
+		if (status != SEC_E_OK)
+		{
+			WLog_WARN(TAG, "FreeCredentialsHandle status %s [%08X]",
+				  GetSecurityStatusString(status), status);
+		}
+		status = ntlm->table->FreeContextBuffer(ntlm->pPackageInfo);
+		if (status != SEC_E_OK)
+		{
+			WLog_WARN(TAG, "FreeContextBuffer status %s [%08X]",
+				  GetSecurityStatusString(status), status);
+		}
+		status = ntlm->table->DeleteSecurityContext(&ntlm->context);
+		if (status != SEC_E_OK)
+		{
+			WLog_WARN(TAG, "DeleteSecurityContext status %s [%08X]",
+				  GetSecurityStatusString(status), status);
+		}
 		ntlm->table = NULL;
 	}
 }

libfreerdp/core/gateway/rpc_client.c

@@ -900,6 +900,7 @@ int rpc_in_channel_send_pdu(RpcInChannel* inChannel, BYTE* buffer, UINT32 length
 
 int rpc_client_write_call(rdpRpc* rpc, BYTE* data, int length, UINT16 opnum)
 {
+	SECURITY_STATUS status;
 	UINT32 offset;
 	BYTE* buffer = NULL;
 	UINT32 stub_data_pad;
@@ -918,9 +919,11 @@ int rpc_client_write_call(rdpRpc* rpc, BYTE* data, int length, UINT16 opnum)
 		return -1;
 	}
 
-	if (ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes) != SEC_E_OK)
+	status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes);
+	if (status != SEC_E_OK)
 	{
-		WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure");
+		WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure %s [%08X]",
+			 GetSecurityStatusString(status), status);
 		return -1;
 	}
 
@@ -994,7 +997,8 @@ int rpc_client_write_call(rdpRpc* rpc, BYTE* data, int length, UINT16 opnum)
 
 	if (encrypt_status != SEC_E_OK)
 	{
-		WLog_ERR(TAG, "EncryptMessage status: 0x%08X", encrypt_status);
+		WLog_ERR(TAG, "EncryptMessage status %s [%08X]",
+			 GetSecurityStatusString(encrypt_status), encrypt_status);
 		goto out_free_pdu;
 	}
 

winpr/libwinpr/sspi/Negotiate/negotiate.c

@@ -27,6 +27,8 @@
 #include "negotiate.h"
 
 #include "../sspi.h"
+#include "../log.h"
+#define TAG WINPR_TAG("negociate")
 
 extern const SecurityFunctionTableA NTLM_SecurityFunctionTableA;
 extern const SecurityFunctionTableW NTLM_SecurityFunctionTableW;
@@ -138,6 +140,11 @@ SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(PCredHandle phCredenti
 						       pInput, fContextReq, TargetDataRep, &(context->SubContext),
 						       pOutput, pfContextAttr, ptsTimeStamp);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "AcceptSecurityContext status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
 	return status;
 }
 

winpr/libwinpr/sspi/sspi_winpr.c

@@ -37,6 +37,9 @@
 
 #include "sspi_winpr.h"
 
+#include "../log.h"
+#define TAG WINPR_TAG("sspi")
+
 /* Authentication Functions: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731/ */
 
 extern const SecPkgInfoA NTLM_SecPkgInfoA;
@@ -801,6 +804,11 @@ SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleW(SEC_WCHAR* pszPrincipa
 	status = table->AcquireCredentialsHandleW(pszPrincipal, pszPackage, fCredentialUse,
 						  pvLogonID, pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential, ptsExpiry);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "AcquireCredentialsHandleW status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
 	return status;
 }
 
@@ -820,6 +828,12 @@ SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleA(SEC_CHAR* pszPrincipal
 	status = table->AcquireCredentialsHandleA(pszPrincipal, pszPackage, fCredentialUse,
 						  pvLogonID, pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential, ptsExpiry);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "AcquireCredentialsHandleA status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -844,6 +858,12 @@ SECURITY_STATUS SEC_ENTRY winpr_ExportSecurityContext(PCtxtHandle phContext, ULO
 
 	status = table->ExportSecurityContext(phContext, fFlags, pPackedContext, pToken);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "ExportSecurityContext status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -868,6 +888,11 @@ SECURITY_STATUS SEC_ENTRY winpr_FreeCredentialsHandle(PCredHandle phCredential)
 
 	status = table->FreeCredentialsHandle(phCredential);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "FreeCredentialsHandle status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
 	return status;
 }
 
@@ -892,6 +917,12 @@ SECURITY_STATUS SEC_ENTRY winpr_ImportSecurityContextW(SEC_WCHAR* pszPackage, PS
 
 	status = table->ImportSecurityContextW(pszPackage, pPackedContext, pToken, phContext);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "ImportSecurityContextW status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -916,6 +947,12 @@ SECURITY_STATUS SEC_ENTRY winpr_ImportSecurityContextA(SEC_CHAR* pszPackage, PSe
 
 	status = table->ImportSecurityContextA(pszPackage, pPackedContext, pToken, phContext);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "ImportSecurityContextA status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -940,6 +977,12 @@ SECURITY_STATUS SEC_ENTRY winpr_QueryCredentialsAttributesW(PCredHandle phCreden
 
 	status = table->QueryCredentialsAttributesW(phCredential, ulAttribute, pBuffer);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "QueryCredentialsAttributesW status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -964,6 +1007,12 @@ SECURITY_STATUS SEC_ENTRY winpr_QueryCredentialsAttributesA(PCredHandle phCreden
 
 	status = table->QueryCredentialsAttributesA(phCredential, ulAttribute, pBuffer);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "QueryCredentialsAttributesA status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -993,6 +1042,12 @@ SECURITY_STATUS SEC_ENTRY winpr_AcceptSecurityContext(PCredHandle phCredential,
 	status = table->AcceptSecurityContext(phCredential, phContext, pInput, fContextReq,
 					      TargetDataRep, phNewContext, pOutput, pfContextAttr, ptsTimeStamp);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "AcceptSecurityContext status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1017,6 +1072,12 @@ SECURITY_STATUS SEC_ENTRY winpr_ApplyControlToken(PCtxtHandle phContext, PSecBuf
 
 	status = table->ApplyControlToken(phContext, pInput);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "ApplyControlToken status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1041,6 +1102,12 @@ SECURITY_STATUS SEC_ENTRY winpr_CompleteAuthToken(PCtxtHandle phContext, PSecBuf
 
 	status = table->CompleteAuthToken(phContext, pToken);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "CompleteAuthToken status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1065,6 +1132,12 @@ SECURITY_STATUS SEC_ENTRY winpr_DeleteSecurityContext(PCtxtHandle phContext)
 
 	status = table->DeleteSecurityContext(phContext);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "DeleteSecurityContext status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1099,6 +1172,12 @@ SECURITY_STATUS SEC_ENTRY winpr_ImpersonateSecurityContext(PCtxtHandle phContext
 
 	status = table->ImpersonateSecurityContext(phContext);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "ImpersonateSecurityContext status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1128,6 +1207,12 @@ SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextW(PCredHandle phCredent
 						   pszTargetName, fContextReq, Reserved1, TargetDataRep,
 						   pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "InitializeSecurityContextW status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1157,6 +1242,12 @@ SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextA(PCredHandle phCredent
 						   pszTargetName, fContextReq, Reserved1, TargetDataRep,
 						   pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "InitializeSecurityContextA status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1181,6 +1272,12 @@ SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesW(PCtxtHandle phContext, U
 
 	status = table->QueryContextAttributesW(phContext, ulAttribute, pBuffer);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "QueryContextAttributesW status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1205,6 +1302,12 @@ SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesA(PCtxtHandle phContext, U
 
 	status = table->QueryContextAttributesA(phContext, ulAttribute, pBuffer);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "QueryContextAttributesA status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1229,6 +1332,12 @@ SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityContextToken(PCtxtHandle phContext,
 
 	status = table->QuerySecurityContextToken(phContext, phToken);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "QuerySecurityContextToken status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1253,6 +1362,12 @@ SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesW(PCtxtHandle phContext, ULO
 
 	status = table->SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "SetContextAttributesW status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1277,6 +1392,12 @@ SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesA(PCtxtHandle phContext, ULO
 
 	status = table->SetContextAttributesA(phContext, ulAttribute, pBuffer, cbBuffer);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "SetContextAttributesA status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1301,6 +1422,12 @@ SECURITY_STATUS SEC_ENTRY winpr_RevertSecurityContext(PCtxtHandle phContext)
 
 	status = table->RevertSecurityContext(phContext);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "RevertSecurityContext status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1327,6 +1454,12 @@ SECURITY_STATUS SEC_ENTRY winpr_DecryptMessage(PCtxtHandle phContext, PSecBuffer
 
 	status = table->DecryptMessage(phContext, pMessage, MessageSeqNo, pfQOP);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "DecryptMessage status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1351,6 +1484,12 @@ SECURITY_STATUS SEC_ENTRY winpr_EncryptMessage(PCtxtHandle phContext, ULONG fQOP
 
 	status = table->EncryptMessage(phContext, fQOP, pMessage, MessageSeqNo);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_ERR(TAG, "EncryptMessage status %s [%08X]",
+			 GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1375,6 +1514,12 @@ SECURITY_STATUS SEC_ENTRY winpr_MakeSignature(PCtxtHandle phContext, ULONG fQOP,
 
 	status = table->MakeSignature(phContext, fQOP, pMessage, MessageSeqNo);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "MakeSignature status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }
 
@@ -1399,6 +1544,12 @@ SECURITY_STATUS SEC_ENTRY winpr_VerifySignature(PCtxtHandle phContext, PSecBuffe
 
 	status = table->VerifySignature(phContext, pMessage, MessageSeqNo, pfQOP);
 
+	if (status != SEC_E_OK)
+	{
+		WLog_WARN(TAG, "VerifySignature status %s [%08X]",
+			  GetSecurityStatusString(status), status);
+	}
+
 	return status;
 }