Devolutions · CBenoit · Oct 8, 2024 · Oct 8, 2024 · Oct 8, 2024 · Oct 8, 2024
@@ -135,15 +135,15 @@ jobs:
 
       - name: Update runner
         if: ${{ matrix.os == 'linux' }}
-        run: sudo apt update
+        run: sudo apt-get update
 
       # We need a newer version of GCC because aws-lc-rs rejects versions affected
       # by this bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189
       # These lines can be safely removed once we switch to ubuntu-22.04 runner.
       - name: Install GCC 10.x
         if: ${{ matrix.os == 'linux' }}
         run: |
-          sudo apt install gcc-10
+          sudo apt-get install gcc-10
           sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10 60
 
       - name: Build sspi (${{matrix.os}}-${{matrix.arch}}) (${{matrix.build}})
@@ -185,7 +185,7 @@ jobs:
           }
 
           if ($RustTarget -eq 'aarch64-unknown-linux-gnu') {
-            sudo apt install gcc-aarch64-linux-gnu
+            sudo apt-get install gcc-aarch64-linux-gnu
             $Env:RUSTFLAGS="-C linker=aarch64-linux-gnu-gcc"
           }
 
@@ -205,14 +205,14 @@ jobs:
           }
 
           if ($DotNetOs -Eq 'win') {
-            $CargoArgs += @('--features', 'scard,tsssp')
+            $CargoArgs += @('--features', 'tsssp')
           }
 
           # No pregenerated Android bindings are provided for aws-lc-sys at this time.
           # See: https://github.com/aws/aws-lc-rs/tree/main/aws-lc-sys#pregenerated-bindings-availability
           # For simplicity, we’re using the ring crypto backend.
           if ($DotNetOs -Eq 'android') {
-            $CargoArgs += @('--no-default-features', '--features', 'ring')
+            $CargoArgs += @('--no-default-features', '--features', 'scard,ring')
           }
 
           $CargoCmd = $(@('cargo') + $CargoArgs) -Join ' '

@@ -36,7 +36,7 @@ jobs:
         include:
           - os: win
             runner: windows-2022
-            additional-args: --features tsssp,scard
+            additional-args: --features tsssp
           - os: osx
             runner: macos-12
           - os: linux
@@ -67,14 +67,28 @@ jobs:
             crate-name: sspi
           - manifest: ffi/Cargo.toml
             crate-name: sspi-ffi
+
           - os: win
             runner: windows-2022
-            additional-args: --features tsssp,scard
           - os: osx
             runner: macos-12
           - os: linux
             runner: ubuntu-20.04
 
+          - os: win
+            manifest: Cargo.toml
+            additional-args: --features network_client,dns_resolver,scard,tsssp
+          - os: osx
+            manifest: Cargo.toml
+            additional-args: --features network_client,dns_resolver,scard
+          - os: linux
+            manifest: Cargo.toml
+            additional-args: --features network_client,dns_resolver,scard
+
+          - os: win
+            manifest: ffi/Cargo.toml
+            additional-args: --features tsssp
+
     steps:
       - uses: actions/checkout@v4
 
@@ -99,7 +113,7 @@ jobs:
           rustup override set nightly
 
       - name: Test
-        run: cargo miri test --manifest-path ffi/Cargo.toml
+        run: cargo miri test --manifest-path ffi/Cargo.toml --no-default-features --features ring
 
   wasm:
     name: WASM target
@@ -110,7 +124,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Prepare runner
-        run: sudo apt install wabt
+        run: sudo apt-get install wabt
 
       - name: Check
         shell: pwsh

diff --git a/ffi/Cargo.toml b/ffi/Cargo.toml
@@ -13,7 +13,7 @@ name = "sspi"
 crate-type = ["cdylib"]
 
 [features]
-default = ["aws-lc-rs"]
+default = ["aws-lc-rs", "scard"]
 tsssp = ["sspi/tsssp"]
 scard = ["sspi/scard", "dep:ffi-types", "dep:winscard", "dep:bitflags", "dep:picky-asn1-x509", "dep:picky"]
 aws-lc-rs = ["sspi/aws-lc-rs"]

diff --git a/ffi/src/winscard/pcsc_lite/mod.rs b/ffi/src/winscard/pcsc_lite/mod.rs
@@ -102,7 +102,9 @@ bitflags::bitflags! {
 
 impl From<State> for winscard::winscard::State {
     fn from(value: State) -> Self {
-        if let Ok(state) = Self::try_from(value.bits() as u32) {
+        #[allow(clippy::useless_conversion)]
+        let bits: u32 = value.bits().try_into().expect("Card state value should fit in u32");
+        if let Ok(state) = Self::try_from(bits) {
             // If the pcsc-lite card state has only one bit set, then we can safely convert it to the Windows WinSCard state.
             state
         } else {
@@ -148,11 +150,18 @@ pub fn initialize_pcsc_lite_api() -> WinScardResult<PcscLiteApiFunctionTable> {
     macro_rules! load_fn {
         ($func_name:literal) => {{
             let fn_name = CString::new($func_name).expect("CString creation should not fail");
-            // SAFETY: The `handle` is initialized and checked above. The function name should be correct
-            // because it's hardcoded in the code.
+
+            // SAFETY: The `handle` is initialized and checked above.
+            // The function name should be correct because it's hardcoded in the code.
             let fn_ptr = unsafe { dlsym(handle, fn_name.as_ptr()) };
             debug!(?fn_ptr, $func_name);
-            unsafe { std::mem::transmute(fn_ptr) }
+
+            // SAFETY: FFI. We have to trust that we defined the signatures correctly.
+            unsafe {
+                // Not great to silent, but mostly fine in this context.
+                #[expect(clippy::missing_transmute_annotations)]
+                std::mem::transmute::<*mut libc::c_void, _>(fn_ptr)
+            }
         }};
     }
 

diff --git a/ffi/src/winscard/scard.rs b/ffi/src/winscard/scard.rs
@@ -82,7 +82,7 @@ pub unsafe extern "system" fn SCardConnectA(
 
     let reader_name = try_execute!(
         // SAFETY: The `sz_reader` parameter is not null (checked above).
-        unsafe { CStr::from_ptr(sz_reader as *const i8) }.to_str(),
+        unsafe { CStr::from_ptr(sz_reader as *const _) }.to_str(),
         ErrorKind::InvalidParameter
     );
 

diff --git a/ffi/src/winscard/scard_context.rs b/ffi/src/winscard/scard_context.rs
@@ -386,7 +386,7 @@ pub unsafe extern "system" fn SCardGetCardTypeProviderNameA(
     let card_name = try_execute!(
         // SAFETY: It's safe to construct a slice because the `sz_card_name` is not null (checked above).
         // All other guarantees should be provided by the user.
-        unsafe { CStr::from_ptr(sz_card_name as *const i8) }.to_str(),
+        unsafe { CStr::from_ptr(sz_card_name as *const _) }.to_str(),
         ErrorKind::InvalidParameter
     );
 
@@ -979,7 +979,7 @@ pub unsafe extern "system" fn SCardReadCacheA(
 
     let lookup_name = try_execute!(
         // SAFETY: The `lookup_name` parameter is not null (checked above).
-        unsafe { CStr::from_ptr(lookup_name as *const i8) }.to_str(),
+        unsafe { CStr::from_ptr(lookup_name as *const _) }.to_str(),
         ErrorKind::InvalidParameter
     );
     // SAFETY: The `lookup_name` parameter is type checked. All other parameters are checked inside the function.
@@ -1065,7 +1065,7 @@ pub unsafe extern "system" fn SCardWriteCacheA(
 
     let lookup_name = try_execute!(
         // SAFETY: The `lookup_name` parameter is not null (checked above).
-        unsafe { CStr::from_ptr(lookup_name as *const i8) }.to_str(),
+        unsafe { CStr::from_ptr(lookup_name as *const _) }.to_str(),
         ErrorKind::InvalidParameter
     );
     // SAFETY: The `lookup_name` parameter is type checked. All other parameters are checked inside the function
@@ -1142,7 +1142,7 @@ pub unsafe extern "system" fn SCardGetReaderIconA(
 
     let reader_name = try_execute!(
         // SAFETY: The `sz_reader_name` parameter is not null (checked above).
-        unsafe { CStr::from_ptr(sz_reader_name as *const i8) }.to_str(),
+        unsafe { CStr::from_ptr(sz_reader_name as *const _) }.to_str(),
         ErrorKind::InvalidParameter
     );
 
@@ -1207,7 +1207,7 @@ pub unsafe extern "system" fn SCardGetDeviceTypeIdA(
 
     let reader_name = try_execute!(
         // SAFETY: The `sz_reader_name` parameter is not null (checked above).
-        unsafe { CStr::from_ptr(sz_reader_name as *const i8) }.to_str(),
+        unsafe { CStr::from_ptr(sz_reader_name as *const _) }.to_str(),
         ErrorKind::InvalidParameter
     );
 

diff --git a/ffi/src/winscard/system_scard/context.rs b/ffi/src/winscard/system_scard/context.rs
@@ -260,7 +260,7 @@ fn init_scard_cache(
 
         value.extend_from_slice(&(u16::try_from(auth_cert_der.len())?.to_le_bytes())); // uncompressed certificate data len
         value.extend_from_slice(&[0x00, 0x00]); // flags that specify that the certificate is not compressed
-        value.extend_from_slice(&auth_cert_der);
+        value.extend_from_slice(auth_cert_der);
 
         value
     });

diff --git a/ffi/src/winscard/system_scard/mod.rs b/ffi/src/winscard/system_scard/mod.rs
@@ -79,10 +79,11 @@ pub fn init_scard_api_table() -> WinScardResult<SCardApiFunctionTable> {
 
     macro_rules! load_fn {
         ($func_name:literal) => {{
-            // SAFETY: This function is safe to call because we've checked the `winscard_mofule`
+            // SAFETY: This function is safe to call because we've checked the `winscard_module`
             // handle above and the `$func_name` is correct and hardcoded in the code.
             unsafe {
-                #[expect(clippy::missing_transmute_annotations)] // Not great to silent, but mostly fine.
+                // Not great to silent, but mostly fine in this context.
+                #[expect(clippy::missing_transmute_annotations)]
                 transmute::<windows_sys::Win32::Foundation::FARPROC, _>(GetProcAddress(winscard_module, s!($func_name)))
             }
         }};