diff --git a/.github/workflows/build-native.yml b/.github/workflows/build-native.yml index 0be9e83e..53278541 100644 --- a/.github/workflows/build-native.yml +++ b/.github/workflows/build-native.yml @@ -135,7 +135,7 @@ jobs: - name: Update runner if: ${{ matrix.os == 'linux' }} - run: sudo apt update + run: sudo apt-get update # We need a newer version of GCC because aws-lc-rs rejects versions affected # by this bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189 @@ -143,7 +143,7 @@ jobs: - name: Install GCC 10.x if: ${{ matrix.os == 'linux' }} run: | - sudo apt install gcc-10 + sudo apt-get install gcc-10 sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10 60 - name: Build sspi (${{matrix.os}}-${{matrix.arch}}) (${{matrix.build}}) @@ -185,7 +185,7 @@ jobs: } if ($RustTarget -eq 'aarch64-unknown-linux-gnu') { - sudo apt install gcc-aarch64-linux-gnu + sudo apt-get install gcc-aarch64-linux-gnu $Env:RUSTFLAGS="-C linker=aarch64-linux-gnu-gcc" } @@ -205,14 +205,14 @@ jobs: } if ($DotNetOs -Eq 'win') { - $CargoArgs += @('--features', 'scard,tsssp') + $CargoArgs += @('--features', 'tsssp') } # No pregenerated Android bindings are provided for aws-lc-sys at this time. # See: https://github.com/aws/aws-lc-rs/tree/main/aws-lc-sys#pregenerated-bindings-availability # For simplicity, we’re using the ring crypto backend. if ($DotNetOs -Eq 'android') { - $CargoArgs += @('--no-default-features', '--features', 'ring') + $CargoArgs += @('--no-default-features', '--features', 'scard,ring') } $CargoCmd = $(@('cargo') + $CargoArgs) -Join ' ' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 24f4eb20..dbd19f1f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,7 +36,7 @@ jobs: include: - os: win runner: windows-2022 - additional-args: --features tsssp,scard + additional-args: --features tsssp - os: osx runner: macos-12 - os: linux @@ -67,14 +67,28 @@ jobs: crate-name: sspi - manifest: ffi/Cargo.toml crate-name: sspi-ffi + - os: win runner: windows-2022 - additional-args: --features tsssp,scard - os: osx runner: macos-12 - os: linux runner: ubuntu-20.04 + - os: win + manifest: Cargo.toml + additional-args: --features network_client,dns_resolver,scard,tsssp + - os: osx + manifest: Cargo.toml + additional-args: --features network_client,dns_resolver,scard + - os: linux + manifest: Cargo.toml + additional-args: --features network_client,dns_resolver,scard + + - os: win + manifest: ffi/Cargo.toml + additional-args: --features tsssp + steps: - uses: actions/checkout@v4 @@ -99,7 +113,7 @@ jobs: rustup override set nightly - name: Test - run: cargo miri test --manifest-path ffi/Cargo.toml + run: cargo miri test --manifest-path ffi/Cargo.toml --no-default-features --features ring wasm: name: WASM target @@ -110,7 +124,7 @@ jobs: - uses: actions/checkout@v4 - name: Prepare runner - run: sudo apt install wabt + run: sudo apt-get install wabt - name: Check shell: pwsh diff --git a/ffi/Cargo.toml b/ffi/Cargo.toml index 8745e98a..a71f0e14 100644 --- a/ffi/Cargo.toml +++ b/ffi/Cargo.toml @@ -13,7 +13,7 @@ name = "sspi" crate-type = ["cdylib"] [features] -default = ["aws-lc-rs"] +default = ["aws-lc-rs", "scard"] tsssp = ["sspi/tsssp"] scard = ["sspi/scard", "dep:ffi-types", "dep:winscard", "dep:bitflags", "dep:picky-asn1-x509", "dep:picky"] aws-lc-rs = ["sspi/aws-lc-rs"] diff --git a/ffi/src/winscard/pcsc_lite/mod.rs b/ffi/src/winscard/pcsc_lite/mod.rs index cf313747..f61da4aa 100644 --- a/ffi/src/winscard/pcsc_lite/mod.rs +++ b/ffi/src/winscard/pcsc_lite/mod.rs @@ -102,7 +102,9 @@ bitflags::bitflags! { impl From for winscard::winscard::State { fn from(value: State) -> Self { - if let Ok(state) = Self::try_from(value.bits() as u32) { + #[allow(clippy::useless_conversion)] + let bits: u32 = value.bits().try_into().expect("Card state value should fit in u32"); + if let Ok(state) = Self::try_from(bits) { // If the pcsc-lite card state has only one bit set, then we can safely convert it to the Windows WinSCard state. state } else { @@ -148,11 +150,18 @@ pub fn initialize_pcsc_lite_api() -> WinScardResult { macro_rules! load_fn { ($func_name:literal) => {{ let fn_name = CString::new($func_name).expect("CString creation should not fail"); - // SAFETY: The `handle` is initialized and checked above. The function name should be correct - // because it's hardcoded in the code. + + // SAFETY: The `handle` is initialized and checked above. + // The function name should be correct because it's hardcoded in the code. let fn_ptr = unsafe { dlsym(handle, fn_name.as_ptr()) }; debug!(?fn_ptr, $func_name); - unsafe { std::mem::transmute(fn_ptr) } + + // SAFETY: FFI. We have to trust that we defined the signatures correctly. + unsafe { + // Not great to silent, but mostly fine in this context. + #[expect(clippy::missing_transmute_annotations)] + std::mem::transmute::<*mut libc::c_void, _>(fn_ptr) + } }}; } diff --git a/ffi/src/winscard/scard.rs b/ffi/src/winscard/scard.rs index b2aaa9ef..85054a27 100644 --- a/ffi/src/winscard/scard.rs +++ b/ffi/src/winscard/scard.rs @@ -82,7 +82,7 @@ pub unsafe extern "system" fn SCardConnectA( let reader_name = try_execute!( // SAFETY: The `sz_reader` parameter is not null (checked above). - unsafe { CStr::from_ptr(sz_reader as *const i8) }.to_str(), + unsafe { CStr::from_ptr(sz_reader as *const _) }.to_str(), ErrorKind::InvalidParameter ); diff --git a/ffi/src/winscard/scard_context.rs b/ffi/src/winscard/scard_context.rs index 8b414a3c..6eb15159 100644 --- a/ffi/src/winscard/scard_context.rs +++ b/ffi/src/winscard/scard_context.rs @@ -386,7 +386,7 @@ pub unsafe extern "system" fn SCardGetCardTypeProviderNameA( let card_name = try_execute!( // SAFETY: It's safe to construct a slice because the `sz_card_name` is not null (checked above). // All other guarantees should be provided by the user. - unsafe { CStr::from_ptr(sz_card_name as *const i8) }.to_str(), + unsafe { CStr::from_ptr(sz_card_name as *const _) }.to_str(), ErrorKind::InvalidParameter ); @@ -979,7 +979,7 @@ pub unsafe extern "system" fn SCardReadCacheA( let lookup_name = try_execute!( // SAFETY: The `lookup_name` parameter is not null (checked above). - unsafe { CStr::from_ptr(lookup_name as *const i8) }.to_str(), + unsafe { CStr::from_ptr(lookup_name as *const _) }.to_str(), ErrorKind::InvalidParameter ); // SAFETY: The `lookup_name` parameter is type checked. All other parameters are checked inside the function. @@ -1065,7 +1065,7 @@ pub unsafe extern "system" fn SCardWriteCacheA( let lookup_name = try_execute!( // SAFETY: The `lookup_name` parameter is not null (checked above). - unsafe { CStr::from_ptr(lookup_name as *const i8) }.to_str(), + unsafe { CStr::from_ptr(lookup_name as *const _) }.to_str(), ErrorKind::InvalidParameter ); // SAFETY: The `lookup_name` parameter is type checked. All other parameters are checked inside the function @@ -1142,7 +1142,7 @@ pub unsafe extern "system" fn SCardGetReaderIconA( let reader_name = try_execute!( // SAFETY: The `sz_reader_name` parameter is not null (checked above). - unsafe { CStr::from_ptr(sz_reader_name as *const i8) }.to_str(), + unsafe { CStr::from_ptr(sz_reader_name as *const _) }.to_str(), ErrorKind::InvalidParameter ); @@ -1207,7 +1207,7 @@ pub unsafe extern "system" fn SCardGetDeviceTypeIdA( let reader_name = try_execute!( // SAFETY: The `sz_reader_name` parameter is not null (checked above). - unsafe { CStr::from_ptr(sz_reader_name as *const i8) }.to_str(), + unsafe { CStr::from_ptr(sz_reader_name as *const _) }.to_str(), ErrorKind::InvalidParameter ); diff --git a/ffi/src/winscard/system_scard/context.rs b/ffi/src/winscard/system_scard/context.rs index da4af730..b7946f92 100644 --- a/ffi/src/winscard/system_scard/context.rs +++ b/ffi/src/winscard/system_scard/context.rs @@ -260,7 +260,7 @@ fn init_scard_cache( value.extend_from_slice(&(u16::try_from(auth_cert_der.len())?.to_le_bytes())); // uncompressed certificate data len value.extend_from_slice(&[0x00, 0x00]); // flags that specify that the certificate is not compressed - value.extend_from_slice(&auth_cert_der); + value.extend_from_slice(auth_cert_der); value }); diff --git a/ffi/src/winscard/system_scard/mod.rs b/ffi/src/winscard/system_scard/mod.rs index 7130ba04..90982b34 100644 --- a/ffi/src/winscard/system_scard/mod.rs +++ b/ffi/src/winscard/system_scard/mod.rs @@ -79,10 +79,11 @@ pub fn init_scard_api_table() -> WinScardResult { macro_rules! load_fn { ($func_name:literal) => {{ - // SAFETY: This function is safe to call because we've checked the `winscard_mofule` + // SAFETY: This function is safe to call because we've checked the `winscard_module` // handle above and the `$func_name` is correct and hardcoded in the code. unsafe { - #[expect(clippy::missing_transmute_annotations)] // Not great to silent, but mostly fine. + // Not great to silent, but mostly fine in this context. + #[expect(clippy::missing_transmute_annotations)] transmute::(GetProcAddress(winscard_module, s!($func_name))) } }};