Consistently use std::ffi over libc for C types (#1355)

Author: bjorn3

Makefile

@@ -1,6 +1,6 @@
 PAM_SRC_DIR = src/pam
 
-BINDGEN_CMD = bindgen --allowlist-function '^pam_.*$$' --allowlist-var '^PAM_.*$$' --opaque-type pam_handle_t --blocklist-function pam_vsyslog --blocklist-function pam_vprompt --blocklist-function pam_vinfo --blocklist-function pam_verror --blocklist-type '.*va_list.*' --ctypes-prefix libc --no-layout-tests --sort-semantically
+BINDGEN_CMD = bindgen --allowlist-function '^pam_.*$$' --allowlist-var '^PAM_.*$$' --opaque-type pam_handle_t --blocklist-function pam_vsyslog --blocklist-function pam_vprompt --blocklist-function pam_vinfo --blocklist-function pam_verror --blocklist-type '.*va_list.*' --ctypes-prefix std::ffi --no-layout-tests --sort-semantically
 
 PAM_VARIANT = $$(./get-pam-variant.bash)
 

src/cutils/mod.rs

@@ -1,12 +1,12 @@
 use std::{
-    ffi::{CStr, OsStr, OsString},
+    ffi::{c_char, c_int, c_long, CStr, OsStr, OsString},
     os::{
         fd::{AsRawFd, BorrowedFd},
         unix::prelude::OsStrExt,
     },
 };
 
-pub fn cerr<Int: Copy + TryInto<libc::c_long>>(res: Int) -> std::io::Result<Int> {
+pub fn cerr<Int: Copy + TryInto<c_long>>(res: Int) -> std::io::Result<Int> {
     match res.try_into() {
         Ok(-1) => Err(std::io::Error::last_os_error()),
         _ => Ok(res),
@@ -23,15 +23,15 @@ extern "C" {
         link_name = "__errno"
     )]
     #[cfg_attr(target_os = "linux", link_name = "__errno_location")]
-    fn errno_location() -> *mut libc::c_int;
+    fn errno_location() -> *mut c_int;
 }
 
-pub fn set_errno(no: libc::c_int) {
+pub fn set_errno(no: c_int) {
     // SAFETY: errno_location is a thread-local pointer to an integer, so we are the only writers
     unsafe { *errno_location() = no };
 }
 
-pub fn sysconf(name: libc::c_int) -> Option<libc::c_long> {
+pub fn sysconf(name: c_int) -> Option<c_long> {
     set_errno(0);
     // SAFETY: sysconf will always respond with 0 or -1 for every input
     cerr(unsafe { libc::sysconf(name) }).ok()
@@ -44,7 +44,7 @@ pub fn sysconf(name: libc::c_int) -> Option<libc::c_long> {
 /// # Safety
 /// This function assumes that the pointer is either a null pointer or that
 /// it points to a valid NUL-terminated C string.
-pub unsafe fn string_from_ptr(ptr: *const libc::c_char) -> String {
+pub unsafe fn string_from_ptr(ptr: *const c_char) -> String {
     if ptr.is_null() {
         String::new()
     } else {
@@ -59,7 +59,7 @@ pub unsafe fn string_from_ptr(ptr: *const libc::c_char) -> String {
 /// # Safety
 /// This function assumes that the pointer is either a null pointer or that
 /// it points to a valid NUL-terminated C string.
-pub unsafe fn os_string_from_ptr(ptr: *const libc::c_char) -> OsString {
+pub unsafe fn os_string_from_ptr(ptr: *const c_char) -> OsString {
     if ptr.is_null() {
         OsString::new()
     } else {
@@ -107,22 +107,24 @@ pub fn is_fifo(fildes: BorrowedFd) -> bool {
 #[allow(clippy::undocumented_unsafe_blocks)]
 #[cfg(test)]
 mod test {
+    use std::ffi::c_char;
+
     use super::{os_string_from_ptr, string_from_ptr};
 
     #[test]
     fn miri_test_str_to_ptr() {
         let strp = |ptr| unsafe { string_from_ptr(ptr) };
         assert_eq!(strp(std::ptr::null()), "");
-        assert_eq!(strp("\0".as_ptr() as *const libc::c_char), "");
-        assert_eq!(strp("hello\0".as_ptr() as *const libc::c_char), "hello");
+        assert_eq!(strp("\0".as_ptr() as *const c_char), "");
+        assert_eq!(strp("hello\0".as_ptr() as *const c_char), "hello");
     }
 
     #[test]
     fn miri_test_os_str_to_ptr() {
         let strp = |ptr| unsafe { os_string_from_ptr(ptr) };
         assert_eq!(strp(std::ptr::null()), "");
-        assert_eq!(strp("\0".as_ptr() as *const libc::c_char), "");
-        assert_eq!(strp("hello\0".as_ptr() as *const libc::c_char), "hello");
+        assert_eq!(strp("\0".as_ptr() as *const c_char), "");
+        assert_eq!(strp("hello\0".as_ptr() as *const c_char), "hello");
     }
 
     #[test]

src/exec/event.rs

@@ -1,10 +1,11 @@
 use std::{
+    ffi::c_short,
     fmt::Debug,
     io,
     os::fd::{AsFd, AsRawFd, RawFd},
 };
 
-use libc::{c_short, pollfd, POLLIN, POLLOUT};
+use libc::{pollfd, POLLIN, POLLOUT};
 
 use crate::common::{HARDENED_ENUM_VALUE_0, HARDENED_ENUM_VALUE_1};
 use crate::{cutils::cerr, log::dev_debug};

src/exec/noexec.rs

@@ -3,7 +3,7 @@
 #![cfg_attr(not(target_arch = "x86_64"), allow(unused))]
 
 use std::alloc::{handle_alloc_error, GlobalAlloc, Layout};
-use std::ffi::c_void;
+use std::ffi::{c_int, c_uint, c_ulong, c_void};
 use std::mem::{align_of, size_of, zeroed};
 use std::os::fd::{AsRawFd, FromRawFd, OwnedFd, RawFd};
 use std::os::unix::net::UnixStream;
@@ -13,14 +13,13 @@ use std::ptr::{self, addr_of};
 use std::{cmp, io, thread};
 
 use libc::{
-    c_int, c_uint, c_ulong, close, cmsghdr, iovec, msghdr, prctl, recvmsg, seccomp_data,
-    seccomp_notif, seccomp_notif_resp, seccomp_notif_sizes, sendmsg, sock_filter, sock_fprog,
-    syscall, SYS_execve, SYS_execveat, SYS_seccomp, __errno_location, BPF_ABS, BPF_ALU, BPF_AND,
-    BPF_JEQ, BPF_JMP, BPF_JUMP, BPF_K, BPF_LD, BPF_RET, BPF_STMT, BPF_W, CMSG_DATA, CMSG_FIRSTHDR,
-    CMSG_LEN, CMSG_SPACE, EACCES, ENOENT, MSG_TRUNC, PR_SET_NO_NEW_PRIVS, SCM_RIGHTS,
-    SECCOMP_FILTER_FLAG_NEW_LISTENER, SECCOMP_GET_NOTIF_SIZES, SECCOMP_RET_ALLOW,
-    SECCOMP_RET_KILL_PROCESS, SECCOMP_SET_MODE_FILTER, SECCOMP_USER_NOTIF_FLAG_CONTINUE,
-    SOL_SOCKET,
+    close, cmsghdr, iovec, msghdr, prctl, recvmsg, seccomp_data, seccomp_notif, seccomp_notif_resp,
+    seccomp_notif_sizes, sendmsg, sock_filter, sock_fprog, syscall, SYS_execve, SYS_execveat,
+    SYS_seccomp, __errno_location, BPF_ABS, BPF_ALU, BPF_AND, BPF_JEQ, BPF_JMP, BPF_JUMP, BPF_K,
+    BPF_LD, BPF_RET, BPF_STMT, BPF_W, CMSG_DATA, CMSG_FIRSTHDR, CMSG_LEN, CMSG_SPACE, EACCES,
+    ENOENT, MSG_TRUNC, PR_SET_NO_NEW_PRIVS, SCM_RIGHTS, SECCOMP_FILTER_FLAG_NEW_LISTENER,
+    SECCOMP_GET_NOTIF_SIZES, SECCOMP_RET_ALLOW, SECCOMP_RET_KILL_PROCESS, SECCOMP_SET_MODE_FILTER,
+    SECCOMP_USER_NOTIF_FLAG_CONTINUE, SOL_SOCKET,
 };
 
 const SECCOMP_RET_USER_NOTIF: c_uint = 0x7fc00000;
@@ -117,7 +116,7 @@ fn alloc_notify_allocs() -> NotifyAllocs {
 /// # Safety
 ///
 /// `ioctl(fd, request, ptr)` must be safe to call
-unsafe fn ioctl<T>(fd: RawFd, request: libc::c_ulong, ptr: *mut T) -> Option<()> {
+unsafe fn ioctl<T>(fd: RawFd, request: c_ulong, ptr: *mut T) -> Option<()> {
     // SAFETY: By function contract
     if unsafe { libc::ioctl(fd, request as _, ptr) } == -1 {
         // SAFETY: Trivial
@@ -217,7 +216,7 @@ fn receive_fd(rx_fd: UnixStream) -> RawFd {
     let mut control: SingleRightAnciliaryData = unsafe { zeroed() };
     // SAFETY: The buf field is valid when zero-initialized.
     msg.msg_controllen = unsafe { control.buf.len() as _ };
-    msg.msg_control = &mut control as *mut _ as *mut libc::c_void;
+    msg.msg_control = &mut control as *mut _ as *mut c_void;
 
     // SAFETY: A valid socket fd and a valid initialized msghdr are passed in.
     if unsafe { recvmsg(rx_fd.as_raw_fd(), &mut msg, 0) } == -1 {

src/log/syslog.rs

@@ -1,12 +1,13 @@
 use core::fmt::{self, Write};
+use std::ffi::c_int;
 
 use crate::log::{Level, Log};
 
 pub struct Syslog;
 
 mod internal {
     use crate::system::syslog;
-    use std::ffi::CStr;
+    use std::ffi::{c_int, CStr};
 
     const DOTDOTDOT_START: &[u8] = b"[...] ";
     const DOTDOTDOT_END: &[u8] = b" [...]";
@@ -18,8 +19,8 @@ mod internal {
     pub struct SysLogMessageWriter {
         buffer: [u8; BUFSZ],
         cursor: usize,
-        facility: libc::c_int,
-        priority: libc::c_int,
+        facility: c_int,
+        priority: c_int,
     }
 
     // - whenever a SysLogMessageWriter has been constructed, a syslog message WILL be created
@@ -29,7 +30,7 @@ mod internal {
     // - the impl guarantees that after `line_break()`, there will be enough room available for at
     // least a single UTF8 character sequence (which is true since MAX_MSG_LEN >= 10)
     impl SysLogMessageWriter {
-        pub fn new(priority: libc::c_int, facility: libc::c_int) -> Self {
+        pub fn new(priority: c_int, facility: c_int) -> Self {
             Self {
                 buffer: [0; BUFSZ],
                 cursor: 0,
@@ -127,7 +128,7 @@ impl Write for SysLogMessageWriter {
     }
 }
 
-const FACILITY: libc::c_int = libc::LOG_AUTH;
+const FACILITY: c_int = libc::LOG_AUTH;
 
 impl Log for Syslog {
     fn log(&self, level: Level, args: &fmt::Arguments<'_>) {

src/pam/converse.rs

@@ -1,3 +1,4 @@
+use std::ffi::{c_int, c_void};
 use std::io;
 
 use crate::cutils::string_from_ptr;
@@ -29,7 +30,7 @@ pub enum PamMessageStyle {
 }
 
 impl PamMessageStyle {
-    pub fn from_int(val: libc::c_int) -> Option<PamMessageStyle> {
+    pub fn from_int(val: c_int) -> Option<PamMessageStyle> {
         use PamMessageStyle::*;
 
         match val as _ {
@@ -212,11 +213,11 @@ pub(super) struct ConverserData<C> {
 ///   this function will exhibit undefined behavior.
 /// * The messages from PAM are assumed to be formatted correctly.
 pub(super) unsafe extern "C" fn converse<C: Converser>(
-    num_msg: libc::c_int,
+    num_msg: c_int,
     msg: *mut *const pam_message,
     response: *mut *mut pam_response,
-    appdata_ptr: *mut libc::c_void,
-) -> libc::c_int {
+    appdata_ptr: *mut c_void,
+) -> c_int {
     let result = std::panic::catch_unwind(|| {
         let mut resp_bufs = Vec::with_capacity(num_msg as usize);
         for i in 0..num_msg as usize {
@@ -402,7 +403,7 @@ mod test {
     impl<'a> PamConvBorrow<'a> {
         fn new<C: Converser>(data: Pin<&'a mut ConverserData<C>>) -> PamConvBorrow<'a> {
             let appdata_ptr =
-                unsafe { data.get_unchecked_mut() as *mut ConverserData<C> as *mut libc::c_void };
+                unsafe { data.get_unchecked_mut() as *mut ConverserData<C> as *mut c_void };
             PamConvBorrow {
                 pam_conv: pam_conv {
                     conv: Some(converse::<C>),

src/pam/error.rs

@@ -1,4 +1,6 @@
-use std::{ffi::NulError, fmt, str::Utf8Error};
+use std::ffi::{c_int, NulError};
+use std::fmt;
+use std::str::Utf8Error;
 
 use crate::cutils::string_from_ptr;
 
@@ -65,7 +67,7 @@ pub enum PamErrorType {
 }
 
 impl PamErrorType {
-    pub(super) fn from_int(errno: libc::c_int) -> PamErrorType {
+    pub(super) fn from_int(errno: c_int) -> PamErrorType {
         use PamErrorType::*;
 
         match errno as _ {
@@ -109,46 +111,46 @@ impl PamErrorType {
         }
     }
 
-    pub fn as_int(&self) -> libc::c_int {
+    pub fn as_int(&self) -> c_int {
         use PamErrorType::*;
 
         match self {
-            Success => PAM_SUCCESS as libc::c_int,
-            OpenError => PAM_OPEN_ERR as libc::c_int,
-            SymbolError => PAM_SYMBOL_ERR as libc::c_int,
-            ServiceError => PAM_SERVICE_ERR as libc::c_int,
-            SystemError => PAM_SYSTEM_ERR as libc::c_int,
-            BufferError => PAM_BUF_ERR as libc::c_int,
-            ConversationError => PAM_CONV_ERR as libc::c_int,
-            PermissionDenied => PAM_PERM_DENIED as libc::c_int,
-            MaxTries => PAM_MAXTRIES as libc::c_int,
-            AuthError => PAM_AUTH_ERR as libc::c_int,
-            NewAuthTokenRequired => PAM_NEW_AUTHTOK_REQD as libc::c_int,
-            CredentialsInsufficient => PAM_CRED_INSUFFICIENT as libc::c_int,
-            AuthInfoUnavailable => PAM_AUTHINFO_UNAVAIL as libc::c_int,
-            UserUnknown => PAM_USER_UNKNOWN as libc::c_int,
-            CredentialsUnavailable => PAM_CRED_UNAVAIL as libc::c_int,
-            CredentialsExpired => PAM_CRED_EXPIRED as libc::c_int,
-            CredentialsError => PAM_CRED_ERR as libc::c_int,
-            AccountExpired => PAM_ACCT_EXPIRED as libc::c_int,
-            AuthTokenExpired => PAM_AUTHTOK_EXPIRED as libc::c_int,
-            SessionError => PAM_SESSION_ERR as libc::c_int,
-            AuthTokenError => PAM_AUTHTOK_ERR as libc::c_int,
-            AuthTokenRecoveryError => PAM_AUTHTOK_RECOVERY_ERR as libc::c_int,
-            AuthTokenLockBusy => PAM_AUTHTOK_LOCK_BUSY as libc::c_int,
-            AuthTokenDisableAging => PAM_AUTHTOK_DISABLE_AGING as libc::c_int,
-            NoModuleData => PAM_NO_MODULE_DATA as libc::c_int,
-            Ignore => PAM_IGNORE as libc::c_int,
-            Abort => PAM_ABORT as libc::c_int,
-            TryAgain => PAM_TRY_AGAIN as libc::c_int,
-            ModuleUnknown => PAM_MODULE_UNKNOWN as libc::c_int,
-            BadItem => PAM_BAD_ITEM as libc::c_int,
-            // DomainUnknown => PAM_DOMAIN_UNKNOWN as libc::c_int,
-            // BadHandle => PAM_BAD_HANDLE as libc::c_int,
-            // BadFeature => PAM_BAD_FEATURE as libc::c_int,
-            // BadConstant => PAM_BAD_CONSTANT as libc::c_int,
-            // ConverseAgain => PAM_CONV_AGAIN as libc::c_int,
-            // Incomplete => PAM_INCOMPLETE as libc::c_int,
+            Success => PAM_SUCCESS as c_int,
+            OpenError => PAM_OPEN_ERR as c_int,
+            SymbolError => PAM_SYMBOL_ERR as c_int,
+            ServiceError => PAM_SERVICE_ERR as c_int,
+            SystemError => PAM_SYSTEM_ERR as c_int,
+            BufferError => PAM_BUF_ERR as c_int,
+            ConversationError => PAM_CONV_ERR as c_int,
+            PermissionDenied => PAM_PERM_DENIED as c_int,
+            MaxTries => PAM_MAXTRIES as c_int,
+            AuthError => PAM_AUTH_ERR as c_int,
+            NewAuthTokenRequired => PAM_NEW_AUTHTOK_REQD as c_int,
+            CredentialsInsufficient => PAM_CRED_INSUFFICIENT as c_int,
+            AuthInfoUnavailable => PAM_AUTHINFO_UNAVAIL as c_int,
+            UserUnknown => PAM_USER_UNKNOWN as c_int,
+            CredentialsUnavailable => PAM_CRED_UNAVAIL as c_int,
+            CredentialsExpired => PAM_CRED_EXPIRED as c_int,
+            CredentialsError => PAM_CRED_ERR as c_int,
+            AccountExpired => PAM_ACCT_EXPIRED as c_int,
+            AuthTokenExpired => PAM_AUTHTOK_EXPIRED as c_int,
+            SessionError => PAM_SESSION_ERR as c_int,
+            AuthTokenError => PAM_AUTHTOK_ERR as c_int,
+            AuthTokenRecoveryError => PAM_AUTHTOK_RECOVERY_ERR as c_int,
+            AuthTokenLockBusy => PAM_AUTHTOK_LOCK_BUSY as c_int,
+            AuthTokenDisableAging => PAM_AUTHTOK_DISABLE_AGING as c_int,
+            NoModuleData => PAM_NO_MODULE_DATA as c_int,
+            Ignore => PAM_IGNORE as c_int,
+            Abort => PAM_ABORT as c_int,
+            TryAgain => PAM_TRY_AGAIN as c_int,
+            ModuleUnknown => PAM_MODULE_UNKNOWN as c_int,
+            BadItem => PAM_BAD_ITEM as c_int,
+            // DomainUnknown => PAM_DOMAIN_UNKNOWN as c_int,
+            // BadHandle => PAM_BAD_HANDLE as c_int,
+            // BadFeature => PAM_BAD_FEATURE as c_int,
+            // BadConstant => PAM_BAD_CONSTANT as c_int,
+            // ConverseAgain => PAM_CONV_AGAIN as c_int,
+            // Incomplete => PAM_INCOMPLETE as c_int,
             UnknownErrorType(e) => *e,
         }
     }
@@ -236,15 +238,15 @@ impl fmt::Display for PamError {
 
 impl PamError {
     /// Create a new PamError based on the error number from pam.
-    pub(super) fn from_pam(errno: libc::c_int) -> PamError {
+    pub(super) fn from_pam(errno: c_int) -> PamError {
         let tp = PamErrorType::from_int(errno);
         PamError::Pam(tp)
     }
 }
 
 /// Returns `Ok(())` if the error code is `PAM_SUCCESS` or a `PamError` in other cases
-pub(super) fn pam_err(err: libc::c_int) -> Result<(), PamError> {
-    if err == PAM_SUCCESS as libc::c_int {
+pub(super) fn pam_err(err: c_int) -> Result<(), PamError> {
+    if err == PAM_SUCCESS as c_int {
         Ok(())
     } else {
         Err(PamError::from_pam(err))