diff --git a/winpr/libwinpr/sspi/Kerberos/kerberos.c b/winpr/libwinpr/sspi/Kerberos/kerberos.c index 01cc64786..91089dace 100644 --- a/winpr/libwinpr/sspi/Kerberos/kerberos.c +++ b/winpr/libwinpr/sspi/Kerberos/kerberos.c @@ -119,11 +119,34 @@ static const WinPrAsn1_OID kerberos_OID = { 9, (void*)"\x2a\x86\x48\x86\xf7\x12\ static const WinPrAsn1_OID kerberos_u2u_OID = { 10, (void*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03" }; -static void kerberos_log_msg(krb5_context ctx, krb5_error_code code) +#define krb_log_exec(fkt, ctx, ...) \ + kerberos_log_msg(ctx, fkt(ctx, ##__VA_ARGS__), #fkt, __FILE__, __func__, __LINE__) +#define krb_log_exec_ptr(fkt, ctx, ...) \ + kerberos_log_msg(*ctx, fkt(ctx, ##__VA_ARGS__), #fkt, __FILE__, __func__, __LINE__) +static krb5_error_code kerberos_log_msg(krb5_context ctx, krb5_error_code code, const char* what, + const char* file, const char* fkt, size_t line) { - const char* msg = krb5_get_error_message(ctx, code); - WLog_ERR(TAG, msg); - krb5_free_error_message(ctx, msg); + switch (code) + { + case 0: + case KRB5_KT_END: + break; + default: + { + const DWORD level = WLOG_ERROR; + + wLog* log = WLog_Get(TAG); + if (WLog_IsLevelActive(log, level)) + { + const char* msg = krb5_get_error_message(ctx, code); + WLog_PrintMessage(log, WLOG_MESSAGE_TEXT, level, line, file, fkt, "%s (%s [%d])", + what, msg, code); + krb5_free_error_message(ctx, msg); + } + } + break; + } + return code; } static void kerberos_ContextFree(KRB_CONTEXT* ctx, BOOL allocated) @@ -184,7 +207,6 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA( #ifdef WITH_KRB5 SEC_WINPR_KERBEROS_SETTINGS* krb_settings = NULL; KRB_CREDENTIALS* credentials = NULL; - krb5_error_code rv = 0; krb5_context ctx = NULL; krb5_ccache ccache = NULL; krb5_keytab keytab = NULL; @@ -213,7 +235,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA( pszPrincipal = username; } - if ((rv = krb5_init_context(&ctx))) + if (krb_log_exec_ptr(krb5_init_context, &ctx)) goto cleanup; if (domain) @@ -224,7 +246,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA( CharUpperA(udomain); /* Will use domain if realm is not specified in username */ - rv = krb5_set_default_realm(ctx, udomain); + krb5_error_code rv = krb_log_exec(krb5_set_default_realm, ctx, udomain); free(udomain); if (rv) @@ -242,7 +264,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA( if (p) CharUpperA(p); - rv = krb5_parse_name(ctx, cpszPrincipal, &principal); + krb5_error_code rv = krb_log_exec(krb5_parse_name, ctx, cpszPrincipal, &principal); free(cpszPrincipal); if (rv) @@ -251,7 +273,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA( if (krb_settings && krb_settings->cache) { - if ((rv = krb5_cc_set_default_name(ctx, krb_settings->cache))) + if ((krb_log_exec(krb5_cc_set_default_name, ctx, krb_settings->cache))) goto cleanup; } else @@ -264,16 +286,16 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA( { if (own_ccache) { - if ((rv = krb5_cc_new_unique(ctx, default_ccache_type, 0, &ccache))) + if (krb_log_exec(krb5_cc_new_unique, ctx, default_ccache_type, 0, &ccache)) goto cleanup; } else { - if ((rv = krb5_cc_resolve(ctx, krb_settings->cache, &ccache))) + if (krb_log_exec(krb5_cc_resolve, ctx, krb_settings->cache, &ccache)) goto cleanup; } - if ((rv = krb5_cc_initialize(ctx, ccache, principal))) + if (krb_log_exec(krb5_cc_initialize, ctx, ccache, principal)) goto cleanup; } else @@ -282,9 +304,9 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA( else if (fCredentialUse & SECPKG_CRED_OUTBOUND) { /* Use the default cache with it's default principal */ - if ((rv = krb5_cc_default(ctx, &ccache))) + if (krb_log_exec(krb5_cc_default, ctx, &ccache)) goto cleanup; - if ((rv = krb5_cc_get_principal(ctx, ccache, &principal))) + if (krb_log_exec(krb5_cc_get_principal, ctx, ccache, &principal)) goto cleanup; own_ccache = FALSE; } @@ -292,33 +314,33 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA( { if (own_ccache) { - if ((rv = krb5_cc_new_unique(ctx, default_ccache_type, 0, &ccache))) + if (krb_log_exec(krb5_cc_new_unique, ctx, default_ccache_type, 0, &ccache)) goto cleanup; } else { - if ((rv = krb5_cc_resolve(ctx, krb_settings->cache, &ccache))) + if (krb_log_exec(krb5_cc_resolve, ctx, krb_settings->cache, &ccache)) goto cleanup; } } if (krb_settings && krb_settings->keytab) { - if ((rv = krb5_kt_resolve(ctx, krb_settings->keytab, &keytab))) + if (krb_log_exec(krb5_kt_resolve, ctx, krb_settings->keytab, &keytab)) goto cleanup; } else { if (fCredentialUse & SECPKG_CRED_INBOUND) - if ((rv = krb5_kt_default(ctx, &keytab))) + if (krb_log_exec(krb5_kt_default, ctx, &keytab)) goto cleanup; } /* Get initial credentials if required */ if (fCredentialUse & SECPKG_CRED_OUTBOUND) { - if ((rv = krb5glue_get_init_creds(ctx, principal, ccache, krb5_prompter, password, - krb_settings))) + if (krb_log_exec(krb5glue_get_init_creds, ctx, principal, ccache, krb5_prompter, password, + krb_settings)) goto cleanup; } @@ -331,9 +353,6 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA( cleanup: - if (rv) - kerberos_log_msg(ctx, rv); - free(domain); free(username); free(password); @@ -715,7 +734,6 @@ static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA( KRB_CREDENTIALS* credentials; KRB_CONTEXT* context; KRB_CONTEXT new_context = { 0 }; - krb5_error_code rv = KRB5KDC_ERR_NONE; PSecBuffer input_buffer = NULL; PSecBuffer output_buffer = NULL; PSecBuffer bindings_buffer = NULL; @@ -764,7 +782,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA( { context = &new_context; - if ((rv = krb5_init_context(&context->ctx))) + if (krb_log_exec_ptr(krb5_init_context, &context->ctx)) return SEC_E_INTERNAL_ERROR; if (fContextReq & ISC_REQ_USE_SESSION_KEY) @@ -836,26 +854,27 @@ static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA( case KERBEROS_STATE_AP_REQ: /* Set auth_context options */ - if ((rv = krb5_auth_con_init(context->ctx, &context->auth_ctx))) + if (krb_log_exec(krb5_auth_con_init, context->ctx, &context->auth_ctx)) goto cleanup; - if ((rv = krb5_auth_con_setflags(context->ctx, context->auth_ctx, - KRB5_AUTH_CONTEXT_DO_SEQUENCE | - KRB5_AUTH_CONTEXT_USE_SUBKEY))) + if (krb_log_exec(krb5_auth_con_setflags, context->ctx, context->auth_ctx, + KRB5_AUTH_CONTEXT_DO_SEQUENCE | KRB5_AUTH_CONTEXT_USE_SUBKEY)) goto cleanup; - if ((rv = krb5glue_auth_con_set_cksumtype(context->ctx, context->auth_ctx, - GSS_CHECKSUM_TYPE))) + if (krb_log_exec(krb5glue_auth_con_set_cksumtype, context->ctx, context->auth_ctx, + GSS_CHECKSUM_TYPE)) goto cleanup; /* Get a service ticket */ - if ((rv = krb5_sname_to_principal(context->ctx, host, sname, KRB5_NT_SRV_HST, - &in_creds.server))) + if (krb_log_exec(krb5_sname_to_principal, context->ctx, host, sname, KRB5_NT_SRV_HST, + &in_creds.server)) goto cleanup; - if ((rv = krb5_cc_get_principal(context->ctx, credentials->ccache, &in_creds.client))) + if (krb_log_exec(krb5_cc_get_principal, context->ctx, credentials->ccache, + &in_creds.client)) goto cleanup; - if ((rv = krb5_get_credentials(context->ctx, context->u2u ? KRB5_GC_USER_USER : 0, - credentials->ccache, &in_creds, &creds))) + if (krb_log_exec(krb5_get_credentials, context->ctx, + context->u2u ? KRB5_GC_USER_USER : 0, credentials->ccache, &in_creds, + &creds)) goto cleanup; /* Write the checksum (delegation not implemented) */ @@ -896,8 +915,8 @@ static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA( } /* Make the AP_REQ message */ - if ((rv = krb5_mk_req_extended(context->ctx, &context->auth_ctx, ap_flags, &cksum, - creds, &output_token))) + if (krb_log_exec(krb5_mk_req_extended, context->ctx, &context->auth_ctx, ap_flags, + &cksum, creds, &output_token)) goto cleanup; if (!sspi_gss_wrap_token(output_buffer, @@ -907,12 +926,15 @@ static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA( if (context->flags & SSPI_GSS_C_SEQUENCE_FLAG) { - krb5_auth_con_getlocalseqnumber(context->ctx, context->auth_ctx, - (INT32*)&context->local_seq); + if (krb_log_exec(krb5_auth_con_getlocalseqnumber, context->ctx, context->auth_ctx, + (INT32*)&context->local_seq)) + goto cleanup; context->remote_seq ^= context->local_seq; } - krb5glue_update_keyset(context->ctx, context->auth_ctx, FALSE, &context->keyset); + if (krb_log_exec(krb5glue_update_keyset, context->ctx, context->auth_ctx, FALSE, + &context->keyset)) + goto cleanup; context->state = KERBEROS_STATE_AP_REP; @@ -927,23 +949,29 @@ static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA( if (tok_id == TOK_ID_AP_REP) { - if ((rv = krb5_rd_rep(context->ctx, context->auth_ctx, &input_token, &reply))) + if (krb_log_exec(krb5_rd_rep, context->ctx, context->auth_ctx, &input_token, + &reply)) goto cleanup; krb5_free_ap_rep_enc_part(context->ctx, reply); } else if (tok_id == TOK_ID_ERROR) { - rv = krb5glue_log_error(context->ctx, &input_token, TAG); + krb5glue_log_error(context->ctx, &input_token, TAG); goto cleanup; } else goto bad_token; if (context->flags & SSPI_GSS_C_SEQUENCE_FLAG) - krb5_auth_con_getremoteseqnumber(context->ctx, context->auth_ctx, - (INT32*)&context->remote_seq); + { + if (krb_log_exec(krb5_auth_con_getremoteseqnumber, context->ctx, context->auth_ctx, + (INT32*)&context->remote_seq)) + goto cleanup; + } - krb5glue_update_keyset(context->ctx, context->auth_ctx, FALSE, &context->keyset); + if (krb_log_exec(krb5glue_update_keyset, context->ctx, context->auth_ctx, FALSE, + &context->keyset)) + goto cleanup; context->state = KERBEROS_STATE_FINAL; @@ -984,8 +1012,6 @@ cleanup: in_creds.second_ticket = edata; krb5_free_cred_contents(context->ctx, &in_creds); } - if (rv) - kerberos_log_msg(context->ctx, rv); krb5_free_creds(context->ctx, creds); if (output_token.data) @@ -1047,7 +1073,6 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext( krb5_data input_token = { 0 }; krb5_data output_token = { 0 }; SECURITY_STATUS status = SEC_E_INTERNAL_ERROR; - krb5_error_code rv = 0; krb5_flags ap_flags = 0; krb5glue_authenticator authenticator; char* target = NULL; @@ -1080,7 +1105,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext( { context = &new_context; - if ((rv = krb5_init_context(&context->ctx))) + if (krb_log_exec_ptr(krb5_init_context, &context->ctx)) return SEC_E_INTERNAL_ERROR; if (sspi_gss_oid_compare(&oid, &kerberos_u2u_OID)) @@ -1114,59 +1139,73 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext( realm++; } - if ((rv = krb5_parse_name_flags(context->ctx, sname ? sname : "", - KRB5_PRINCIPAL_PARSE_NO_REALM, &principal))) + if (krb_log_exec(krb5_parse_name_flags, context->ctx, sname ? sname : "", + KRB5_PRINCIPAL_PARSE_NO_REALM, &principal)) goto cleanup; if (realm) - if ((rv = krb5glue_set_principal_realm(context->ctx, principal, realm))) - goto cleanup; - - if ((rv = krb5_kt_start_seq_get(context->ctx, credentials->keytab, &cur))) - goto cleanup; - - while ((rv = krb5_kt_next_entry(context->ctx, credentials->keytab, &entry, &cur)) == 0) { - if ((!sname || - krb5_principal_compare_any_realm(context->ctx, principal, entry.principal)) && - (!realm || krb5_realm_compare(context->ctx, principal, entry.principal))) - break; - krb5glue_free_keytab_entry_contents(context->ctx, &entry); + if (krb_log_exec(krb5glue_set_principal_realm, context->ctx, principal, realm)) + goto cleanup; } - krb5_kt_end_seq_get(context->ctx, credentials->keytab, &cur); + if (krb_log_exec(krb5_kt_start_seq_get, context->ctx, credentials->keytab, &cur)) + goto cleanup; + + do + { + krb5_error_code rv = + krb_log_exec(krb5_kt_next_entry, context->ctx, credentials->keytab, &entry, &cur); + if (rv == KRB5_KT_END) + break; + if (rv != 0) + goto cleanup; + + if ((!sname || krb_log_exec(krb5_principal_compare_any_realm, context->ctx, principal, + entry.principal)) && + (!realm || + krb_log_exec(krb5_realm_compare, context->ctx, principal, entry.principal))) + break; + if (krb_log_exec(krb5glue_free_keytab_entry_contents, context->ctx, &entry)) + goto cleanup; + } while (1); + + if (krb_log_exec(krb5_kt_end_seq_get, context->ctx, credentials->keytab, &cur)) + goto cleanup; if (!entry.principal) goto cleanup; /* Get the TGT */ - if ((rv = krb5_get_init_creds_keytab(context->ctx, &creds, entry.principal, - credentials->keytab, 0, NULL, NULL))) + if (krb_log_exec(krb5_get_init_creds_keytab, context->ctx, &creds, entry.principal, + credentials->keytab, 0, NULL, NULL)) goto cleanup; if (!kerberos_mk_tgt_token(output_buffer, KRB_TGT_REP, NULL, NULL, &creds.ticket)) goto cleanup; - if ((rv = krb5_auth_con_init(context->ctx, &context->auth_ctx))) + if (krb_log_exec(krb5_auth_con_init, context->ctx, &context->auth_ctx)) goto cleanup; - if ((rv = krb5glue_auth_con_setuseruserkey(context->ctx, context->auth_ctx, - &krb5glue_creds_getkey(creds)))) + if (krb_log_exec(krb5glue_auth_con_setuseruserkey, context->ctx, context->auth_ctx, + &krb5glue_creds_getkey(creds))) goto cleanup; context->state = KERBEROS_STATE_AP_REQ; } else if (context->state == KERBEROS_STATE_AP_REQ && tok_id == TOK_ID_AP_REQ) { - if ((rv = krb5_rd_req(context->ctx, &context->auth_ctx, &input_token, NULL, - credentials->keytab, &ap_flags, NULL))) + if (krb_log_exec(krb5_rd_req, context->ctx, &context->auth_ctx, &input_token, NULL, + credentials->keytab, &ap_flags, NULL)) goto cleanup; - krb5_auth_con_setflags(context->ctx, context->auth_ctx, - KRB5_AUTH_CONTEXT_DO_SEQUENCE | KRB5_AUTH_CONTEXT_USE_SUBKEY); + if (krb_log_exec(krb5_auth_con_setflags, context->ctx, context->auth_ctx, + KRB5_AUTH_CONTEXT_DO_SEQUENCE | KRB5_AUTH_CONTEXT_USE_SUBKEY)) + goto cleanup; /* Retrieve and validate the checksum */ - if ((rv = krb5_auth_con_getauthenticator(context->ctx, context->auth_ctx, &authenticator))) + if (krb_log_exec(krb5_auth_con_getauthenticator, context->ctx, context->auth_ctx, + &authenticator)) goto cleanup; if (!krb5glue_authenticator_validate_chksum(authenticator, GSS_CHECKSUM_TYPE, &context->flags)) @@ -1176,7 +1215,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext( { if (!output_buffer) goto bad_token; - if ((rv = krb5_mk_rep(context->ctx, context->auth_ctx, &output_token))) + if (krb_log_exec(krb5_mk_rep, context->ctx, context->auth_ctx, &output_token)) goto cleanup; if (!sspi_gss_wrap_token(output_buffer, context->u2u ? &kerberos_u2u_OID : &kerberos_OID, @@ -1194,13 +1233,17 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext( if (context->flags & SSPI_GSS_C_SEQUENCE_FLAG) { - krb5_auth_con_getlocalseqnumber(context->ctx, context->auth_ctx, - (INT32*)&context->local_seq); - krb5_auth_con_getremoteseqnumber(context->ctx, context->auth_ctx, - (INT32*)&context->remote_seq); + if (krb_log_exec(krb5_auth_con_getlocalseqnumber, context->ctx, context->auth_ctx, + (INT32*)&context->local_seq)) + goto cleanup; + if (krb_log_exec(krb5_auth_con_getremoteseqnumber, context->ctx, context->auth_ctx, + (INT32*)&context->remote_seq)) + goto cleanup; } - krb5glue_update_keyset(context->ctx, context->auth_ctx, TRUE, &context->keyset); + if (krb_log_exec(krb5glue_update_keyset, context->ctx, context->auth_ctx, TRUE, + &context->keyset)) + goto cleanup; context->state = KERBEROS_STATE_FINAL; } @@ -1233,9 +1276,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext( cleanup: - if (rv) - kerberos_log_msg(context->ctx, rv); - + free(target); if (output_token.data) krb5glue_free_data_contents(context->ctx, &output_token); if (entry.principal) @@ -1312,16 +1353,28 @@ static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesA(PCtxtHandle ph if (context->flags & SSPI_GSS_C_CONF_FLAG) { - krb5glue_crypto_length(context->ctx, key, KRB5_CRYPTO_TYPE_HEADER, &header); - krb5glue_crypto_length(context->ctx, key, KRB5_CRYPTO_TYPE_PADDING, &pad); - krb5glue_crypto_length(context->ctx, key, KRB5_CRYPTO_TYPE_TRAILER, &trailer); + krb5_error_code rv = krb_log_exec(krb5glue_crypto_length, context->ctx, key, + KRB5_CRYPTO_TYPE_HEADER, &header); + if (rv) + return rv; + rv = krb_log_exec(krb5glue_crypto_length, context->ctx, key, KRB5_CRYPTO_TYPE_PADDING, + &pad); + if (rv) + return rv; + rv = krb_log_exec(krb5glue_crypto_length, context->ctx, key, KRB5_CRYPTO_TYPE_TRAILER, + &trailer); + if (rv) + return rv; /* GSS header (= 16 bytes) + encrypted header = 32 bytes */ ContextSizes->cbSecurityTrailer = header + pad + trailer + 32; } if (context->flags & SSPI_GSS_C_INTEG_FLAG) { - krb5glue_crypto_length(context->ctx, key, KRB5_CRYPTO_TYPE_CHECKSUM, - &ContextSizes->cbMaxSignature); + krb5_error_code rv = + krb_log_exec(krb5glue_crypto_length, context->ctx, key, KRB5_CRYPTO_TYPE_CHECKSUM, + &ContextSizes->cbMaxSignature); + if (rv) + return rv; ContextSizes->cbMaxSignature += 16; } @@ -1473,7 +1526,8 @@ static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage(PCtxtHandle phContext, encrypt_iov[2].data.length = 16; /* Get the lengths of the header, trailer, and padding and ensure sig_buffer is large enough */ - if (krb5glue_crypto_length_iov(context->ctx, key, encrypt_iov, ARRAYSIZE(encrypt_iov))) + if (krb_log_exec(krb5glue_crypto_length_iov, context->ctx, key, encrypt_iov, + ARRAYSIZE(encrypt_iov))) return SEC_E_INTERNAL_ERROR; if (sig_buffer->cbBuffer < encrypt_iov[0].data.length + encrypt_iov[3].data.length + encrypt_iov[4].data.length + 32) @@ -1500,7 +1554,8 @@ static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage(PCtxtHandle phContext, /* Set the correct RRC */ Data_Write_UINT16_BE(header + 6, 16 + encrypt_iov[3].data.length + encrypt_iov[4].data.length); - if (krb5glue_encrypt_iov(context->ctx, key, usage, encrypt_iov, ARRAYSIZE(encrypt_iov))) + if (krb_log_exec(krb5glue_encrypt_iov, context->ctx, key, usage, encrypt_iov, + ARRAYSIZE(encrypt_iov))) return SEC_E_INTERNAL_ERROR; return SEC_E_OK; @@ -1576,7 +1631,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage(PCtxtHandle phContext, /* Fill in the lengths of the iov array */ iov[1].data.length = data_buffer->cbBuffer; iov[2].data.length = 16; - if (krb5glue_crypto_length_iov(context->ctx, key, iov, ARRAYSIZE(iov))) + if (krb_log_exec(krb5glue_crypto_length_iov, context->ctx, key, iov, ARRAYSIZE(iov))) return SEC_E_INTERNAL_ERROR; /* We don't expect a trailer buffer; everything must be in sig_buffer */ @@ -1592,7 +1647,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage(PCtxtHandle phContext, iov[3].data.data = iov[2].data.data + iov[2].data.length; iov[4].data.data = iov[3].data.data + iov[3].data.length; - if (krb5glue_decrypt_iov(context->ctx, key, usage, iov, ARRAYSIZE(iov))) + if (krb_log_exec(krb5glue_decrypt_iov, context->ctx, key, usage, iov, ARRAYSIZE(iov))) return SEC_E_INTERNAL_ERROR; /* Validate the encrypted header */ @@ -1647,7 +1702,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_MakeSignature(PCtxtHandle phContext, U /* Fill in the lengths of the iov array */ iov[0].data.length = data_buffer->cbBuffer; iov[1].data.length = 16; - if (krb5glue_crypto_length_iov(context->ctx, key, iov, ARRAYSIZE(iov))) + if (krb_log_exec(krb5glue_crypto_length_iov, context->ctx, key, iov, ARRAYSIZE(iov))) return SEC_E_INTERNAL_ERROR; /* Ensure the buffer is big enough */ @@ -1666,7 +1721,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_MakeSignature(PCtxtHandle phContext, U iov[1].data.data = header; iov[2].data.data = header + 16; - if (krb5glue_make_checksum_iov(context->ctx, key, usage, iov, ARRAYSIZE(iov))) + if (krb_log_exec(krb5glue_make_checksum_iov, context->ctx, key, usage, iov, ARRAYSIZE(iov))) return SEC_E_INTERNAL_ERROR; sig_buffer->cbBuffer = iov[2].data.length + 16; @@ -1736,7 +1791,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature(PCtxtHandle phContext, /* Fill in the iov array lengths */ iov[0].data.length = data_buffer->cbBuffer; iov[1].data.length = 16; - if (krb5glue_crypto_length_iov(context->ctx, key, iov, ARRAYSIZE(iov))) + if (krb_log_exec(krb5glue_crypto_length_iov, context->ctx, key, iov, ARRAYSIZE(iov))) return SEC_E_INTERNAL_ERROR; if (sig_buffer->cbBuffer != iov[2].data.length + 16) @@ -1747,7 +1802,8 @@ static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature(PCtxtHandle phContext, iov[1].data.data = header; iov[2].data.data = header + 16; - if (krb5glue_verify_checksum_iov(context->ctx, key, usage, iov, ARRAYSIZE(iov), &is_valid)) + if (krb_log_exec(krb5glue_verify_checksum_iov, context->ctx, key, usage, iov, ARRAYSIZE(iov), + &is_valid)) return SEC_E_INTERNAL_ERROR; if (!is_valid)