fix: do not log at info-level return values (#438)

CBenoit · web-flow · commit 68d02e410dad · 2025-05-29T14:32:48.000+03:00
diff --git a/crates/dpapi/src/client.rs b/crates/dpapi/src/client.rs
@@ -132,7 +132,7 @@ fn process_get_key_result(response: &Response, security_trailer: Option<Security
     unpack_response(data)
 }
 
-#[instrument(ret)]
+#[instrument(ret, level = "debug")]
 fn decrypt_blob(blob: &DpapiBlob, key: &GroupKeyEnvelope) -> Result<Vec<u8>> {
     let kek = get_kek(key, &blob.key_identifier)?;
 
@@ -147,7 +147,7 @@ fn decrypt_blob(blob: &DpapiBlob, key: &GroupKeyEnvelope) -> Result<Vec<u8>> {
     )?)
 }
 
-#[instrument(ret)]
+#[instrument(ret, level = "debug")]
 fn encrypt_blob(
     data: &[u8],
     key: &GroupKeyEnvelope,
diff --git a/crates/dpapi/src/rpc/auth.rs b/crates/dpapi/src/rpc/auth.rs
@@ -135,7 +135,7 @@ impl<'a> AuthProvider<'a> {
     /// * `security_trailer_data`: RPC PDU security trailer `auth_value`. Basically, it's a Kerberos Wrap Token.
     ///
     /// All encryption is performed in-place.
-    #[instrument(ret, skip(self))]
+    #[instrument(ret, level = "debug", skip(self))]
     pub fn wrap_with_header_sign(
         &mut self,
         header: &mut [u8],
@@ -189,7 +189,7 @@ impl<'a> AuthProvider<'a> {
     /// * `security_trailer_data`: `auth_value` of the RPC PDU security trailer. Basically, it's a Kerberos Wrap Token.
     ///
     /// All decryption is performed in-place.
-    #[instrument(ret, skip(self))]
+    #[instrument(ret, level = "debug", skip(self))]
     pub fn unwrap_with_header_sign(
         &mut self,
         header: &mut [u8],
@@ -219,7 +219,7 @@ impl<'a> AuthProvider<'a> {
     /// * `security_trailer_data`: `auth_value` of the RPC PDU security trailer. Basically, it's a Kerberos Wrap Token.
     ///
     /// All decryption is performed in-place.
-    #[instrument(ret, skip(self))]
+    #[instrument(ret, level = "debug", skip(self))]
     pub fn unwrap(&mut self, body: &mut [u8], security_trailer_data: &mut [u8]) -> AuthResult<Vec<u8>> {
         let mut message = vec![
             SecurityBufferRef::data_buf(body),
@@ -234,7 +234,7 @@ impl<'a> AuthProvider<'a> {
     /// Performs one step in authorization process.
     ///
     /// The client should call this method until `self.is_finished()` is `true`.
-    #[instrument(ret, fields(state = ?self.is_finished), skip(self))]
+    #[instrument(ret, level = "debug", fields(state = ?self.is_finished), skip(self))]
     pub async fn initialize_security_context(&mut self, in_token: Vec<u8>) -> AuthResult<SecurityTrailer> {
         let mut input_token = [SecurityBuffer::new(in_token, BufferType::Token)];
         let mut output_token = vec![SecurityBuffer::new(Vec::with_capacity(1024), BufferType::Token)];
diff --git a/src/credssp/mod.rs b/src/credssp/mod.rs
@@ -634,7 +634,7 @@ impl SspiImpl for SspiContext {
     type CredentialsHandle = Option<CredentialsBuffers>;
     type AuthenticationData = Credentials;
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip_all)]
     fn acquire_credentials_handle_impl(
         &mut self,
         builder: FilledAcquireCredentialsHandle<'_, Self::CredentialsHandle, Self::AuthenticationData>,
@@ -681,7 +681,7 @@ impl SspiImpl for SspiContext {
         })
     }
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip_all)]
     fn accept_security_context_impl(
         &mut self,
         builder: FilledAcceptSecurityContext<'_, Self::CredentialsHandle>,
@@ -736,7 +736,7 @@ impl SspiImpl for SspiContext {
 }
 
 impl<'a> SspiContext {
-    #[instrument(ret, fields(security_package = self.package_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip_all)]
     async fn change_password_impl(
         &mut self,
         yield_point: &mut YieldPointLocal,
@@ -769,7 +769,7 @@ impl<'a> SspiContext {
             .resolve_with_default_network_client()
     }
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip_all)]
     async fn initialize_security_context_impl(
         &'a mut self,
         yield_point: &mut YieldPointLocal,
@@ -807,7 +807,7 @@ impl<'a> SspiContext {
 }
 
 impl Sspi for SspiContext {
-    #[instrument(ret, fields(security_package = self.package_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]
     fn complete_auth_token(&mut self, token: &mut [SecurityBuffer]) -> crate::Result<SecurityStatus> {
         match self {
             SspiContext::Ntlm(ntlm) => ntlm.complete_auth_token(token),
@@ -819,7 +819,7 @@ impl Sspi for SspiContext {
         }
     }
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]
     fn encrypt_message(
         &mut self,
         flags: EncryptionFlags,
@@ -836,7 +836,7 @@ impl Sspi for SspiContext {
         }
     }
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]
     fn decrypt_message(
         &mut self,
         message: &mut [SecurityBufferRef],
@@ -852,7 +852,7 @@ impl Sspi for SspiContext {
         }
     }
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]
     fn query_context_sizes(&mut self) -> crate::Result<ContextSizes> {
         match self {
             SspiContext::Ntlm(ntlm) => ntlm.query_context_sizes(),
@@ -864,7 +864,7 @@ impl Sspi for SspiContext {
         }
     }
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]
     fn query_context_names(&mut self) -> crate::Result<ContextNames> {
         match self {
             SspiContext::Ntlm(ntlm) => ntlm.query_context_names(),
@@ -876,7 +876,7 @@ impl Sspi for SspiContext {
         }
     }
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]
     fn query_context_stream_sizes(&mut self) -> crate::Result<StreamSizes> {
         match self {
             SspiContext::Ntlm(ntlm) => ntlm.query_context_stream_sizes(),
@@ -888,7 +888,7 @@ impl Sspi for SspiContext {
         }
     }
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]
     fn query_context_package_info(&mut self) -> crate::Result<PackageInfo> {
         match self {
             SspiContext::Ntlm(ntlm) => ntlm.query_context_package_info(),
@@ -900,7 +900,7 @@ impl Sspi for SspiContext {
         }
     }
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]
     fn query_context_cert_trust_status(&mut self) -> crate::Result<CertTrustStatus> {
         match self {
             SspiContext::Ntlm(ntlm) => ntlm.query_context_cert_trust_status(),
@@ -912,7 +912,7 @@ impl Sspi for SspiContext {
         }
     }
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]
     fn query_context_remote_cert(&mut self) -> crate::Result<CertContext> {
         match self {
             SspiContext::Ntlm(ntlm) => ntlm.query_context_remote_cert(),
@@ -924,7 +924,7 @@ impl Sspi for SspiContext {
         }
     }
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]
     fn query_context_negotiation_package(&mut self) -> crate::Result<PackageInfo> {
         match self {
             SspiContext::Ntlm(ntlm) => ntlm.query_context_negotiation_package(),
@@ -936,7 +936,7 @@ impl Sspi for SspiContext {
         }
     }
 
-    #[instrument(ret, fields(security_package = self.package_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]
     fn query_context_connection_info(&mut self) -> crate::Result<ConnectionInfo> {
         match self {
             SspiContext::Ntlm(ntlm) => ntlm.query_context_connection_info(),
diff --git a/src/credssp/sspi_cred_ssp/mod.rs b/src/credssp/sspi_cred_ssp/mod.rs
@@ -365,7 +365,7 @@ impl SspiImpl for SspiCredSsp {
 }
 
 impl SspiCredSsp {
-    #[instrument(ret, fields(state = ?self.state), skip_all)]
+    #[instrument(ret, level = "debug", fields(state = ?self.state), skip_all)]
     #[async_recursion]
     pub(crate) async fn initialize_security_context_impl<'a>(
         &mut self,
diff --git a/src/credssp/ts_request/mod.rs b/src/credssp/ts_request/mod.rs
@@ -251,7 +251,7 @@ impl TsRequest {
     }
 }
 
-#[instrument(ret)]
+#[instrument(ret, level = "debug")]
 fn write_smart_card_credentials(credentials: &SmartCardIdentityBuffers) -> crate::Result<Vec<u8>> {
     let smart_card_creds = TsSmartCardCreds {
         pin: ExplicitContextTag0::from(OctetStringAsn1::from(credentials.pin.as_ref().to_vec())),
@@ -300,7 +300,7 @@ pub fn write_ts_credentials(credentials: &CredentialsBuffers, cred_ssp_mode: Cre
     Ok(picky_asn1_der::to_vec(&ts_creds)?)
 }
 
-#[instrument(ret)]
+#[instrument(ret, level = "debug")]
 fn write_password_credentials(credentials: &AuthIdentityBuffers, cred_ssp_mode: CredSspMode) -> io::Result<Vec<u8>> {
     let empty_identity = AuthIdentityBuffers::default();
     let identity = match cred_ssp_mode {
diff --git a/src/kdc.rs b/src/kdc.rs
@@ -53,7 +53,7 @@ pub fn detect_kdc_hosts_from_system(domain: &str) -> Vec<String> {
     Vec::new()
 }
 
-#[instrument(ret)]
+#[instrument(ret, level = "debug")]
 pub fn detect_kdc_hosts(domain: &str) -> Vec<String> {
     if let Ok(kdc_url) = env::var(format!("SSPI_KDC_URL_{}", domain)) {
         return vec![kdc_url];
diff --git a/src/negotiate.rs b/src/negotiate.rs
@@ -130,7 +130,7 @@ impl Negotiate {
     // 3) if the provided username is FQDN and we can resolve KDC then it'll use Kerberos
     // 4) if SSPI_KDC_URL_ENV is set then it'll also use Kerberos
     // 5) in any other cases, it'll use NTLM
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip(self))]
     fn negotiate_protocol(&mut self, username: &str, domain: &str) -> Result<()> {
         if let NegotiatedProtocol::Ntlm(_) = &self.protocol {
             #[cfg(target_os = "windows")]
@@ -266,7 +266,7 @@ impl Negotiate {
 }
 
 impl SspiEx for Negotiate {
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]
     fn custom_set_auth_identity(&mut self, identity: Self::AuthenticationData) -> Result<()> {
         self.auth_identity = Some(identity.clone().try_into().unwrap());
 
@@ -293,7 +293,7 @@ impl SspiEx for Negotiate {
 }
 
 impl Sspi for Negotiate {
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip(self))]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip(self))]
     fn complete_auth_token(&mut self, token: &mut [SecurityBuffer]) -> Result<SecurityStatus> {
         match &mut self.protocol {
             NegotiatedProtocol::Pku2u(pku2u) => pku2u.complete_auth_token(token),
@@ -302,7 +302,7 @@ impl Sspi for Negotiate {
         }
     }
 
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]
     fn encrypt_message(
         &mut self,
         flags: crate::EncryptionFlags,
@@ -316,7 +316,7 @@ impl Sspi for Negotiate {
         }
     }
 
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]
     fn decrypt_message<'data>(
         &mut self,
         message: &mut [SecurityBufferRef<'data>],
@@ -329,7 +329,7 @@ impl Sspi for Negotiate {
         }
     }
 
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]
     fn query_context_sizes(&mut self) -> Result<ContextSizes> {
         match &mut self.protocol {
             NegotiatedProtocol::Pku2u(pku2u) => pku2u.query_context_sizes(),
@@ -338,7 +338,7 @@ impl Sspi for Negotiate {
         }
     }
 
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]
     fn query_context_names(&mut self) -> Result<ContextNames> {
         match &mut self.protocol {
             NegotiatedProtocol::Pku2u(pku2u) => pku2u.query_context_names(),
@@ -347,12 +347,12 @@ impl Sspi for Negotiate {
         }
     }
 
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]
     fn query_context_package_info(&mut self) -> Result<PackageInfo> {
         crate::query_security_package_info(SecurityPackageType::Negotiate)
     }
 
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]
     fn query_context_negotiation_package(&mut self) -> Result<PackageInfo> {
         match &mut self.protocol {
             NegotiatedProtocol::Pku2u(pku2u) => pku2u.query_context_package_info(),
@@ -361,7 +361,7 @@ impl Sspi for Negotiate {
         }
     }
 
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]
     fn query_context_cert_trust_status(&mut self) -> Result<CertTrustStatus> {
         match &mut self.protocol {
             NegotiatedProtocol::Pku2u(pku2u) => pku2u.query_context_cert_trust_status(),
@@ -414,7 +414,7 @@ impl SspiImpl for Negotiate {
     type CredentialsHandle = Option<CredentialsBuffers>;
     type AuthenticationData = Credentials;
 
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]
     fn acquire_credentials_handle_impl(
         &mut self,
         builder: builders::FilledAcquireCredentialsHandle<'_, Self::CredentialsHandle, Self::AuthenticationData>,
@@ -478,7 +478,7 @@ impl SspiImpl for Negotiate {
         })
     }
 
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]
     fn accept_security_context_impl(
         &mut self,
         builder: builders::FilledAcceptSecurityContext<'_, Self::CredentialsHandle>,
@@ -517,7 +517,7 @@ impl SspiImpl for Negotiate {
 }
 
 impl<'a> Negotiate {
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]
     pub(crate) async fn change_password(
         &'a mut self,
         yield_point: &mut YieldPointLocal,
@@ -534,7 +534,7 @@ impl<'a> Negotiate {
         }
     }
 
-    #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]
+    #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]
     pub(crate) async fn initialize_security_context_impl(
         &'a mut self,
         yield_point: &mut YieldPointLocal,
diff --git a/src/ntlm/mod.rs b/src/ntlm/mod.rs
@@ -286,7 +286,7 @@ impl SspiImpl for Ntlm {
         })
     }
 
-    #[instrument(ret, fields(state = ?self.state), skip_all)]
+    #[instrument(ret, level = "debug", fields(state = ?self.state), skip_all)]
     fn initialize_security_context_impl(
         &mut self,
         builder: &mut FilledInitializeSecurityContext<'_, Self::CredentialsHandle>,
diff --git a/src/pku2u/mod.rs b/src/pku2u/mod.rs
@@ -414,7 +414,7 @@ impl SspiImpl for Pku2u {
 }
 
 impl Pku2u {
-    #[instrument(ret, fields(state = ?self.state), skip_all)]
+    #[instrument(ret, level = "debug", fields(state = ?self.state), skip_all)]
     pub(crate) fn initialize_security_context_impl(
         &mut self,
         builder: &mut crate::builders::FilledInitializeSecurityContext<'_, <Self as SspiImpl>::CredentialsHandle>,

Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,7 @@ fn process_get_key_result(response: &Response, security_trailer: Option<Security`
`132`	`132`	`unpack_response(data)`
`133`	`133`	`}`
`134`	`134`
`135`		`-#[instrument(ret)]`
	`135`	`+#[instrument(ret, level = "debug")]`
`136`	`136`	`fn decrypt_blob(blob: &DpapiBlob, key: &GroupKeyEnvelope) -> Result<Vec<u8>> {`
`137`	`137`	`let kek = get_kek(key, &blob.key_identifier)?;`
`138`	`138`
`@@ -147,7 +147,7 @@ fn decrypt_blob(blob: &DpapiBlob, key: &GroupKeyEnvelope) -> Result<Vec<u8>> {`
`147`	`147`	`)?)`
`148`	`148`	`}`
`149`	`149`
`150`		`-#[instrument(ret)]`
	`150`	`+#[instrument(ret, level = "debug")]`
`151`	`151`	`fn encrypt_blob(`
`152`	`152`	`data: &[u8],`
`153`	`153`	`key: &GroupKeyEnvelope,`
Original file line number	Diff line number	Diff line change
`@@ -634,7 +634,7 @@ impl SspiImpl for SspiContext {`
`634`	`634`	`type CredentialsHandle = Option<CredentialsBuffers>;`
`635`	`635`	`type AuthenticationData = Credentials;`
`636`	`636`
`637`		`- #[instrument(ret, fields(security_package = self.package_name()), skip_all)]`
	`637`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip_all)]`
`638`	`638`	`fn acquire_credentials_handle_impl(`
`639`	`639`	`&mut self,`
`640`	`640`	`builder: FilledAcquireCredentialsHandle<'_, Self::CredentialsHandle, Self::AuthenticationData>,`
`@@ -681,7 +681,7 @@ impl SspiImpl for SspiContext {`
`681`	`681`	`})`
`682`	`682`	`}`
`683`	`683`
`684`		`- #[instrument(ret, fields(security_package = self.package_name()), skip_all)]`
	`684`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip_all)]`
`685`	`685`	`fn accept_security_context_impl(`
`686`	`686`	`&mut self,`
`687`	`687`	`builder: FilledAcceptSecurityContext<'_, Self::CredentialsHandle>,`
`@@ -736,7 +736,7 @@ impl SspiImpl for SspiContext {`
`736`	`736`	`}`
`737`	`737`
`738`	`738`	`impl<'a> SspiContext {`
`739`		`- #[instrument(ret, fields(security_package = self.package_name()), skip_all)]`
	`739`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip_all)]`
`740`	`740`	`async fn change_password_impl(`
`741`	`741`	`&mut self,`
`742`	`742`	`yield_point: &mut YieldPointLocal,`
`@@ -769,7 +769,7 @@ impl<'a> SspiContext {`
`769`	`769`	`.resolve_with_default_network_client()`
`770`	`770`	`}`
`771`	`771`
`772`		`- #[instrument(ret, fields(security_package = self.package_name()), skip_all)]`
	`772`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip_all)]`
`773`	`773`	`async fn initialize_security_context_impl(`
`774`	`774`	`&'a mut self,`
`775`	`775`	`yield_point: &mut YieldPointLocal,`
`@@ -807,7 +807,7 @@ impl<'a> SspiContext {`
`807`	`807`	`}`
`808`	`808`
`809`	`809`	`impl Sspi for SspiContext {`
`810`		`- #[instrument(ret, fields(security_package = self.package_name()), skip(self))]`
	`810`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]`
`811`	`811`	`fn complete_auth_token(&mut self, token: &mut [SecurityBuffer]) -> crate::Result<SecurityStatus> {`
`812`	`812`	`match self {`
`813`	`813`	`SspiContext::Ntlm(ntlm) => ntlm.complete_auth_token(token),`
`@@ -819,7 +819,7 @@ impl Sspi for SspiContext {`
`819`	`819`	`}`
`820`	`820`	`}`
`821`	`821`
`822`		`- #[instrument(ret, fields(security_package = self.package_name()), skip(self))]`
	`822`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]`
`823`	`823`	`fn encrypt_message(`
`824`	`824`	`&mut self,`
`825`	`825`	`flags: EncryptionFlags,`
`@@ -836,7 +836,7 @@ impl Sspi for SspiContext {`
`836`	`836`	`}`
`837`	`837`	`}`
`838`	`838`
`839`		`- #[instrument(ret, fields(security_package = self.package_name()), skip(self))]`
	`839`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]`
`840`	`840`	`fn decrypt_message(`
`841`	`841`	`&mut self,`
`842`	`842`	`message: &mut [SecurityBufferRef],`
`@@ -852,7 +852,7 @@ impl Sspi for SspiContext {`
`852`	`852`	`}`
`853`	`853`	`}`
`854`	`854`
`855`		`- #[instrument(ret, fields(security_package = self.package_name()), skip(self))]`
	`855`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]`
`856`	`856`	`fn query_context_sizes(&mut self) -> crate::Result<ContextSizes> {`
`857`	`857`	`match self {`
`858`	`858`	`SspiContext::Ntlm(ntlm) => ntlm.query_context_sizes(),`
`@@ -864,7 +864,7 @@ impl Sspi for SspiContext {`
`864`	`864`	`}`
`865`	`865`	`}`
`866`	`866`
`867`		`- #[instrument(ret, fields(security_package = self.package_name()), skip(self))]`
	`867`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]`
`868`	`868`	`fn query_context_names(&mut self) -> crate::Result<ContextNames> {`
`869`	`869`	`match self {`
`870`	`870`	`SspiContext::Ntlm(ntlm) => ntlm.query_context_names(),`
`@@ -876,7 +876,7 @@ impl Sspi for SspiContext {`
`876`	`876`	`}`
`877`	`877`	`}`
`878`	`878`
`879`		`- #[instrument(ret, fields(security_package = self.package_name()), skip(self))]`
	`879`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]`
`880`	`880`	`fn query_context_stream_sizes(&mut self) -> crate::Result<StreamSizes> {`
`881`	`881`	`match self {`
`882`	`882`	`SspiContext::Ntlm(ntlm) => ntlm.query_context_stream_sizes(),`
`@@ -888,7 +888,7 @@ impl Sspi for SspiContext {`
`888`	`888`	`}`
`889`	`889`	`}`
`890`	`890`
`891`		`- #[instrument(ret, fields(security_package = self.package_name()), skip(self))]`
	`891`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]`
`892`	`892`	`fn query_context_package_info(&mut self) -> crate::Result<PackageInfo> {`
`893`	`893`	`match self {`
`894`	`894`	`SspiContext::Ntlm(ntlm) => ntlm.query_context_package_info(),`
`@@ -900,7 +900,7 @@ impl Sspi for SspiContext {`
`900`	`900`	`}`
`901`	`901`	`}`
`902`	`902`
`903`		`- #[instrument(ret, fields(security_package = self.package_name()), skip(self))]`
	`903`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]`
`904`	`904`	`fn query_context_cert_trust_status(&mut self) -> crate::Result<CertTrustStatus> {`
`905`	`905`	`match self {`
`906`	`906`	`SspiContext::Ntlm(ntlm) => ntlm.query_context_cert_trust_status(),`
`@@ -912,7 +912,7 @@ impl Sspi for SspiContext {`
`912`	`912`	`}`
`913`	`913`	`}`
`914`	`914`
`915`		`- #[instrument(ret, fields(security_package = self.package_name()), skip(self))]`
	`915`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]`
`916`	`916`	`fn query_context_remote_cert(&mut self) -> crate::Result<CertContext> {`
`917`	`917`	`match self {`
`918`	`918`	`SspiContext::Ntlm(ntlm) => ntlm.query_context_remote_cert(),`
`@@ -924,7 +924,7 @@ impl Sspi for SspiContext {`
`924`	`924`	`}`
`925`	`925`	`}`
`926`	`926`
`927`		`- #[instrument(ret, fields(security_package = self.package_name()), skip(self))]`
	`927`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]`
`928`	`928`	`fn query_context_negotiation_package(&mut self) -> crate::Result<PackageInfo> {`
`929`	`929`	`match self {`
`930`	`930`	`SspiContext::Ntlm(ntlm) => ntlm.query_context_negotiation_package(),`
`@@ -936,7 +936,7 @@ impl Sspi for SspiContext {`
`936`	`936`	`}`
`937`	`937`	`}`
`938`	`938`
`939`		`- #[instrument(ret, fields(security_package = self.package_name()), skip(self))]`
	`939`	`+ #[instrument(ret, level = "debug", fields(security_package = self.package_name()), skip(self))]`
`940`	`940`	`fn query_context_connection_info(&mut self) -> crate::Result<ConnectionInfo> {`
`941`	`941`	`match self {`
`942`	`942`	`SspiContext::Ntlm(ntlm) => ntlm.query_context_connection_info(),`
Original file line number	Diff line number	Diff line change
`@@ -365,7 +365,7 @@ impl SspiImpl for SspiCredSsp {`
`365`	`365`	`}`
`366`	`366`
`367`	`367`	`impl SspiCredSsp {`
`368`		`- #[instrument(ret, fields(state = ?self.state), skip_all)]`
	`368`	`+ #[instrument(ret, level = "debug", fields(state = ?self.state), skip_all)]`
`369`	`369`	`#[async_recursion]`
`370`	`370`	`pub(crate) async fn initialize_security_context_impl<'a>(`
`371`	`371`	`&mut self,`
Original file line number	Diff line number	Diff line change
`@@ -251,7 +251,7 @@ impl TsRequest {`
`251`	`251`	`}`
`252`	`252`	`}`
`253`	`253`
`254`		`-#[instrument(ret)]`
	`254`	`+#[instrument(ret, level = "debug")]`
`255`	`255`	`fn write_smart_card_credentials(credentials: &SmartCardIdentityBuffers) -> crate::Result<Vec<u8>> {`
`256`	`256`	`let smart_card_creds = TsSmartCardCreds {`
`257`	`257`	`pin: ExplicitContextTag0::from(OctetStringAsn1::from(credentials.pin.as_ref().to_vec())),`
`@@ -300,7 +300,7 @@ pub fn write_ts_credentials(credentials: &CredentialsBuffers, cred_ssp_mode: Cre`
`300`	`300`	`Ok(picky_asn1_der::to_vec(&ts_creds)?)`
`301`	`301`	`}`
`302`	`302`
`303`		`-#[instrument(ret)]`
	`303`	`+#[instrument(ret, level = "debug")]`
`304`	`304`	`fn write_password_credentials(credentials: &AuthIdentityBuffers, cred_ssp_mode: CredSspMode) -> io::Result<Vec<u8>> {`
`305`	`305`	`let empty_identity = AuthIdentityBuffers::default();`
`306`	`306`	`let identity = match cred_ssp_mode {`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ pub fn detect_kdc_hosts_from_system(domain: &str) -> Vec<String> {`
`53`	`53`	`Vec::new()`
`54`	`54`	`}`
`55`	`55`
`56`		`-#[instrument(ret)]`
	`56`	`+#[instrument(ret, level = "debug")]`
`57`	`57`	`pub fn detect_kdc_hosts(domain: &str) -> Vec<String> {`
`58`	`58`	`if let Ok(kdc_url) = env::var(format!("SSPI_KDC_URL_{}", domain)) {`
`59`	`59`	`return vec![kdc_url];`
Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,7 @@ impl Negotiate {`
`130`	`130`	`// 3) if the provided username is FQDN and we can resolve KDC then it'll use Kerberos`
`131`	`131`	`// 4) if SSPI_KDC_URL_ENV is set then it'll also use Kerberos`
`132`	`132`	`// 5) in any other cases, it'll use NTLM`
`133`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip(self))]`
	`133`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip(self))]`
`134`	`134`	`fn negotiate_protocol(&mut self, username: &str, domain: &str) -> Result<()> {`
`135`	`135`	`if let NegotiatedProtocol::Ntlm(_) = &self.protocol {`
`136`	`136`	`#[cfg(target_os = "windows")]`
`@@ -266,7 +266,7 @@ impl Negotiate {`
`266`	`266`	`}`
`267`	`267`
`268`	`268`	`impl SspiEx for Negotiate {`
`269`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]`
	`269`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]`
`270`	`270`	`fn custom_set_auth_identity(&mut self, identity: Self::AuthenticationData) -> Result<()> {`
`271`	`271`	`self.auth_identity = Some(identity.clone().try_into().unwrap());`
`272`	`272`
`@@ -293,7 +293,7 @@ impl SspiEx for Negotiate {`
`293`	`293`	`}`
`294`	`294`
`295`	`295`	`impl Sspi for Negotiate {`
`296`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip(self))]`
	`296`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip(self))]`
`297`	`297`	`fn complete_auth_token(&mut self, token: &mut [SecurityBuffer]) -> Result<SecurityStatus> {`
`298`	`298`	`match &mut self.protocol {`
`299`	`299`	`NegotiatedProtocol::Pku2u(pku2u) => pku2u.complete_auth_token(token),`
`@@ -302,7 +302,7 @@ impl Sspi for Negotiate {`
`302`	`302`	`}`
`303`	`303`	`}`
`304`	`304`
`305`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]`
	`305`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]`
`306`	`306`	`fn encrypt_message(`
`307`	`307`	`&mut self,`
`308`	`308`	`flags: crate::EncryptionFlags,`
`@@ -316,7 +316,7 @@ impl Sspi for Negotiate {`
`316`	`316`	`}`
`317`	`317`	`}`
`318`	`318`
`319`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]`
	`319`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]`
`320`	`320`	`fn decrypt_message<'data>(`
`321`	`321`	`&mut self,`
`322`	`322`	`message: &mut [SecurityBufferRef<'data>],`
`@@ -329,7 +329,7 @@ impl Sspi for Negotiate {`
`329`	`329`	`}`
`330`	`330`	`}`
`331`	`331`
`332`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]`
	`332`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]`
`333`	`333`	`fn query_context_sizes(&mut self) -> Result<ContextSizes> {`
`334`	`334`	`match &mut self.protocol {`
`335`	`335`	`NegotiatedProtocol::Pku2u(pku2u) => pku2u.query_context_sizes(),`
`@@ -338,7 +338,7 @@ impl Sspi for Negotiate {`
`338`	`338`	`}`
`339`	`339`	`}`
`340`	`340`
`341`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]`
	`341`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]`
`342`	`342`	`fn query_context_names(&mut self) -> Result<ContextNames> {`
`343`	`343`	`match &mut self.protocol {`
`344`	`344`	`NegotiatedProtocol::Pku2u(pku2u) => pku2u.query_context_names(),`
`@@ -347,12 +347,12 @@ impl Sspi for Negotiate {`
`347`	`347`	`}`
`348`	`348`	`}`
`349`	`349`
`350`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]`
	`350`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]`
`351`	`351`	`fn query_context_package_info(&mut self) -> Result<PackageInfo> {`
`352`	`352`	`crate::query_security_package_info(SecurityPackageType::Negotiate)`
`353`	`353`	`}`
`354`	`354`
`355`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]`
	`355`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]`
`356`	`356`	`fn query_context_negotiation_package(&mut self) -> Result<PackageInfo> {`
`357`	`357`	`match &mut self.protocol {`
`358`	`358`	`NegotiatedProtocol::Pku2u(pku2u) => pku2u.query_context_package_info(),`
`@@ -361,7 +361,7 @@ impl Sspi for Negotiate {`
`361`	`361`	`}`
`362`	`362`	`}`
`363`	`363`
`364`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]`
	`364`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]`
`365`	`365`	`fn query_context_cert_trust_status(&mut self) -> Result<CertTrustStatus> {`
`366`	`366`	`match &mut self.protocol {`
`367`	`367`	`NegotiatedProtocol::Pku2u(pku2u) => pku2u.query_context_cert_trust_status(),`
`@@ -414,7 +414,7 @@ impl SspiImpl for Negotiate {`
`414`	`414`	`type CredentialsHandle = Option<CredentialsBuffers>;`
`415`	`415`	`type AuthenticationData = Credentials;`
`416`	`416`
`417`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]`
	`417`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]`
`418`	`418`	`fn acquire_credentials_handle_impl(`
`419`	`419`	`&mut self,`
`420`	`420`	`builder: builders::FilledAcquireCredentialsHandle<'_, Self::CredentialsHandle, Self::AuthenticationData>,`
`@@ -478,7 +478,7 @@ impl SspiImpl for Negotiate {`
`478`	`478`	`})`
`479`	`479`	`}`
`480`	`480`
`481`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]`
	`481`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]`
`482`	`482`	`fn accept_security_context_impl(`
`483`	`483`	`&mut self,`
`484`	`484`	`builder: builders::FilledAcceptSecurityContext<'_, Self::CredentialsHandle>,`
`@@ -517,7 +517,7 @@ impl SspiImpl for Negotiate {`
`517`	`517`	`}`
`518`	`518`
`519`	`519`	`impl<'a> Negotiate {`
`520`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]`
	`520`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]`
`521`	`521`	`pub(crate) async fn change_password(`
`522`	`522`	`&'a mut self,`
`523`	`523`	`yield_point: &mut YieldPointLocal,`
`@@ -534,7 +534,7 @@ impl<'a> Negotiate {`
`534`	`534`	`}`
`535`	`535`	`}`
`536`	`536`
`537`		`- #[instrument(ret, fields(protocol = self.protocol.protocol_name()), skip_all)]`
	`537`	`+ #[instrument(ret, level = "debug", fields(protocol = self.protocol.protocol_name()), skip_all)]`
`538`	`538`	`pub(crate) async fn initialize_security_context_impl(`
`539`	`539`	`&'a mut self,`
`540`	`540`	`yield_point: &mut YieldPointLocal,`
Original file line number	Diff line number	Diff line change
`@@ -286,7 +286,7 @@ impl SspiImpl for Ntlm {`
`286`	`286`	`})`
`287`	`287`	`}`
`288`	`288`
`289`		`- #[instrument(ret, fields(state = ?self.state), skip_all)]`
	`289`	`+ #[instrument(ret, level = "debug", fields(state = ?self.state), skip_all)]`
`290`	`290`	`fn initialize_security_context_impl(`
`291`	`291`	`&mut self,`
`292`	`292`	`builder: &mut FilledInitializeSecurityContext<'_, Self::CredentialsHandle>,`
Original file line number	Diff line number	Diff line change
`@@ -414,7 +414,7 @@ impl SspiImpl for Pku2u {`
`414`	`414`	`}`
`415`	`415`
`416`	`416`	`impl Pku2u {`
`417`		`- #[instrument(ret, fields(state = ?self.state), skip_all)]`
	`417`	`+ #[instrument(ret, level = "debug", fields(state = ?self.state), skip_all)]`
`418`	`418`	`pub(crate) fn initialize_security_context_impl(`
`419`	`419`	`&mut self,`
`420`	`420`	`builder: &mut crate::builders::FilledInitializeSecurityContext<'_, <Self as SspiImpl>::CredentialsHandle>,`