constexpr + noexcept in AuthSspi

mrotteveel · mrotteveel · commit ee1719476bdf · 2025-08-02T14:50:59.000+02:00
diff --git a/src/auth/trusted/AuthSspi.cpp b/src/auth/trusted/AuthSspi.cpp
@@ -41,9 +41,9 @@ namespace
 	Firebird::SimpleFactory<Auth::WinSspiClient> clientFactory;
 	Firebird::SimpleFactory<Auth::WinSspiServer> serverFactory;
 
-	const char* plugName = "Win_Sspi";
+	constexpr const char* plugName = "Win_Sspi";
 
-	void makeDesc(SecBufferDesc& d, SecBuffer& b, FB_SIZE_T len, void* p)
+	void makeDesc(SecBufferDesc& d, SecBuffer& b, FB_SIZE_T len, void* p) noexcept
 	{
 		b.BufferType = SECBUFFER_TOKEN;
 		b.cbBuffer = len;
@@ -57,7 +57,7 @@ namespace
 		ToType getProc(HINSTANCE lib, const char* entry)
 	{
 		FARPROC rc = GetProcAddress(lib, entry);
-		if (! rc)
+		if (!rc)
 		{
 			LongJump::raise();
 		}
@@ -70,21 +70,21 @@ namespace Auth {
 
 static thread_local bool legacySSP = false;
 
-void setLegacySSP(bool value)
+void setLegacySSP(bool value) noexcept
 {
 	legacySSP = value;
 }
 
 
 HINSTANCE AuthSspi::library = 0;
 
-bool AuthSspi::initEntries()
+bool AuthSspi::initEntries() noexcept
 {
-	if (! library)
+	if (!library)
 	{
 		library = LoadLibrary("secur32.dll");
 	}
-	if (! library)
+	if (!library)
 	{
 		return false;
 	}
@@ -136,7 +136,7 @@ AuthSspi::~AuthSspi()
 	}
 }
 
-const AuthSspi::Key* AuthSspi::getKey() const
+const AuthSspi::Key* AuthSspi::getKey() const noexcept
 {
 	if (sessionKey.hasData())
 		return &sessionKey;
@@ -152,6 +152,7 @@ bool AuthSspi::checkAdminPrivilege()
 	{
 		return false;
 	}
+	fb_assert(spc.AccessToken);
 
 	// Query required buffer size
 	DWORD token_len = 0;
@@ -187,7 +188,6 @@ bool AuthSspi::checkAdminPrivilege()
 	bool matched = false;
 	char groupName[256];
 	char domainName[256];
-	DWORD dwAcctName = 1, dwDomainName = 1;
 	SID_NAME_USE snu = SidTypeUnknown;
 
 	groupNames.clear();
@@ -200,8 +200,9 @@ bool AuthSspi::checkAdminPrivilege()
 		if ((ptg->Groups[i].Attributes & SE_GROUP_ENABLED) &&
 			!(ptg->Groups[i].Attributes & SE_GROUP_USE_FOR_DENY_ONLY))
 		{
-			DWORD dwSize = 256;
-			if (LookupAccountSid(NULL, ptg->Groups[i].Sid, groupName, &dwSize, domainName, &dwSize, &snu) &&
+			DWORD dwGroupName = sizeof(groupName);
+			DWORD dwDomainName = sizeof(domainName);
+			if (LookupAccountSid(NULL, ptg->Groups[i].Sid, groupName, &dwGroupName, domainName, &dwDomainName, &snu) &&
 				domainName[0] && strcmp(domainName, "NT AUTHORITY"))
 			{
 				string sumName = domainName;
@@ -246,7 +247,7 @@ bool AuthSspi::request(AuthSspi::DataHolder& data)
 
 	ULONG fContextAttr = 0;
 
-	SECURITY_STATUS x = fInitializeSecurityContext(
+	const SECURITY_STATUS x = fInitializeSecurityContext(
 		&secHndl, hasContext ? &ctxtHndl : 0, 0, 0, 0, SECURITY_NATIVE_DREP,
 		hasContext ? &inputDesc : 0, 0, &ctxtHndl, &outputDesc, &fContextAttr, &timeOut);
 
@@ -308,7 +309,7 @@ bool AuthSspi::accept(AuthSspi::DataHolder& data)
 	ULONG fContextAttr = 0;
 	SecPkgContext_Names name;
 	SecPkgContext_SessionKey key;
-	SECURITY_STATUS x = fAcceptSecurityContext(
+	const SECURITY_STATUS x = fAcceptSecurityContext(
 		&secHndl, hasContext ? &ctxtHndl : 0, &inputDesc, 0,
 		SECURITY_NATIVE_DREP, &ctxtHndl, &outputDesc,
 		&fContextAttr, &timeOut);
diff --git a/src/auth/trusted/AuthSspi.h b/src/auth/trusted/AuthSspi.h
@@ -58,7 +58,7 @@ class AuthSspi
 	typedef Firebird::UCharBuffer Key;
 
 private:
-	enum {BUFSIZE = 4096};
+	static constexpr size_t BUFSIZE = 4096;
 
 	SecHandle secHndl;
 	bool hasCredentials;
@@ -82,7 +82,7 @@ class AuthSspi
 	ACCEPT_SECURITY_CONTEXT_FN fAcceptSecurityContext;
 
 	bool checkAdminPrivilege();
-	bool initEntries();
+	bool initEntries() noexcept;
 
 public:
 	typedef Firebird::Array<unsigned char> DataHolder;
@@ -92,7 +92,7 @@ class AuthSspi
 
 	// true when has non-empty security context,
 	// ready to be sent to the other side
-	bool isActive() const
+	bool isActive() const noexcept
 	{
 		return hasContext;
 	}
@@ -107,7 +107,7 @@ class AuthSspi
 	bool getLogin(Firebird::string& login, bool& wh, GroupsList& grNames);
 
 	// returns session key for wire encryption
-	const Key* getKey() const;
+	const Key* getKey() const noexcept;
 };
 
 class WinSspiServer :
@@ -117,7 +117,7 @@ class WinSspiServer :
 	// IServer implementation
 	int authenticate(Firebird::CheckStatusWrapper* status, Firebird::IServerBlock* sBlock,
 		Firebird::IWriter* writerInterface);
-	void setDbCryptCallback(Firebird::CheckStatusWrapper* status, Firebird::ICryptKeyCallback* callback) {}; // do nothing
+	void setDbCryptCallback(Firebird::CheckStatusWrapper* status, Firebird::ICryptKeyCallback* callback) noexcept {}; // do nothing
 
 	WinSspiServer(Firebird::IPluginConfig*);
 
@@ -147,7 +147,7 @@ void registerTrustedServer(Firebird::IPluginManager* iPlugin);
 
 // Set per-thread flag that specify which security package should be used by
 // newly created plugin instances: true - use NTLM, false - use Negotiate.
-void setLegacySSP(bool value);
+void setLegacySSP(bool value) noexcept;
 
 } // namespace Auth
 

Original file line number	Diff line number	Diff line change
`@@ -41,9 +41,9 @@ namespace`
`41`	`41`	`Firebird::SimpleFactory<Auth::WinSspiClient> clientFactory;`
`42`	`42`	`Firebird::SimpleFactory<Auth::WinSspiServer> serverFactory;`
`43`	`43`
`44`		`- const char* plugName = "Win_Sspi";`
	`44`	`+ constexpr const char* plugName = "Win_Sspi";`
`45`	`45`
`46`		`- void makeDesc(SecBufferDesc& d, SecBuffer& b, FB_SIZE_T len, void* p)`
	`46`	`+ void makeDesc(SecBufferDesc& d, SecBuffer& b, FB_SIZE_T len, void* p) noexcept`
`47`	`47`	`{`
`48`	`48`	`b.BufferType = SECBUFFER_TOKEN;`
`49`	`49`	`b.cbBuffer = len;`
`@@ -57,7 +57,7 @@ namespace`
`57`	`57`	`ToType getProc(HINSTANCE lib, const char* entry)`
`58`	`58`	`{`
`59`	`59`	`FARPROC rc = GetProcAddress(lib, entry);`
`60`		`- if (! rc)`
	`60`	`+ if (!rc)`
`61`	`61`	`{`
`62`	`62`	`LongJump::raise();`
`63`	`63`	`}`
`@@ -70,21 +70,21 @@ namespace Auth {`
`70`	`70`
`71`	`71`	`static thread_local bool legacySSP = false;`
`72`	`72`
`73`		`-void setLegacySSP(bool value)`
	`73`	`+void setLegacySSP(bool value) noexcept`
`74`	`74`	`{`
`75`	`75`	`legacySSP = value;`
`76`	`76`	`}`
`77`	`77`
`78`	`78`
`79`	`79`	`HINSTANCE AuthSspi::library = 0;`
`80`	`80`
`81`		`-bool AuthSspi::initEntries()`
	`81`	`+bool AuthSspi::initEntries() noexcept`
`82`	`82`	`{`
`83`		`- if (! library)`
	`83`	`+ if (!library)`
`84`	`84`	`{`
`85`	`85`	`library = LoadLibrary("secur32.dll");`
`86`	`86`	`}`
`87`		`- if (! library)`
	`87`	`+ if (!library)`
`88`	`88`	`{`
`89`	`89`	`return false;`
`90`	`90`	`}`
`@@ -136,7 +136,7 @@ AuthSspi::~AuthSspi()`
`136`	`136`	`}`
`137`	`137`	`}`
`138`	`138`
`139`		`-const AuthSspi::Key* AuthSspi::getKey() const`
	`139`	`+const AuthSspi::Key* AuthSspi::getKey() const noexcept`
`140`	`140`	`{`
`141`	`141`	`if (sessionKey.hasData())`
`142`	`142`	`return &sessionKey;`
`@@ -152,6 +152,7 @@ bool AuthSspi::checkAdminPrivilege()`
`152`	`152`	`{`
`153`	`153`	`return false;`
`154`	`154`	`}`
	`155`	`+ fb_assert(spc.AccessToken);`
`155`	`156`
`156`	`157`	`// Query required buffer size`
`157`	`158`	`DWORD token_len = 0;`
`@@ -187,7 +188,6 @@ bool AuthSspi::checkAdminPrivilege()`
`187`	`188`	`bool matched = false;`
`188`	`189`	`char groupName[256];`
`189`	`190`	`char domainName[256];`
`190`		`- DWORD dwAcctName = 1, dwDomainName = 1;`
`191`	`191`	`SID_NAME_USE snu = SidTypeUnknown;`
`192`	`192`
`193`	`193`	`groupNames.clear();`
`@@ -200,8 +200,9 @@ bool AuthSspi::checkAdminPrivilege()`
`200`	`200`	`if ((ptg->Groups[i].Attributes & SE_GROUP_ENABLED) &&`
`201`	`201`	`!(ptg->Groups[i].Attributes & SE_GROUP_USE_FOR_DENY_ONLY))`
`202`	`202`	`{`
`203`		`- DWORD dwSize = 256;`
`204`		`- if (LookupAccountSid(NULL, ptg->Groups[i].Sid, groupName, &dwSize, domainName, &dwSize, &snu) &&`
	`203`	`+ DWORD dwGroupName = sizeof(groupName);`
	`204`	`+ DWORD dwDomainName = sizeof(domainName);`
	`205`	`+ if (LookupAccountSid(NULL, ptg->Groups[i].Sid, groupName, &dwGroupName, domainName, &dwDomainName, &snu) &&`
`205`	`206`	`domainName[0] && strcmp(domainName, "NT AUTHORITY"))`
`206`	`207`	`{`
`207`	`208`	`string sumName = domainName;`
`@@ -246,7 +247,7 @@ bool AuthSspi::request(AuthSspi::DataHolder& data)`
`246`	`247`
`247`	`248`	`ULONG fContextAttr = 0;`
`248`	`249`
`249`		`- SECURITY_STATUS x = fInitializeSecurityContext(`
	`250`	`+ const SECURITY_STATUS x = fInitializeSecurityContext(`
`250`	`251`	`&secHndl, hasContext ? &ctxtHndl : 0, 0, 0, 0, SECURITY_NATIVE_DREP,`
`251`	`252`	`hasContext ? &inputDesc : 0, 0, &ctxtHndl, &outputDesc, &fContextAttr, &timeOut);`
`252`	`253`
`@@ -308,7 +309,7 @@ bool AuthSspi::accept(AuthSspi::DataHolder& data)`
`308`	`309`	`ULONG fContextAttr = 0;`
`309`	`310`	`SecPkgContext_Names name;`
`310`	`311`	`SecPkgContext_SessionKey key;`
`311`		`- SECURITY_STATUS x = fAcceptSecurityContext(`
	`312`	`+ const SECURITY_STATUS x = fAcceptSecurityContext(`
`312`	`313`	`&secHndl, hasContext ? &ctxtHndl : 0, &inputDesc, 0,`
`313`	`314`	`SECURITY_NATIVE_DREP, &ctxtHndl, &outputDesc,`
`314`	`315`	`&fContextAttr, &timeOut);`