Use krb5int_open_plugin for PKCS#11 module

author Ken Hornstein <kenh@cmf.nrl.navy.mil>

Mon, 15 Mar 2021 02:18:53 +0000 (22:18 -0400)

committer Greg Hudson <ghudson@mit.edu>

Tue, 16 Mar 2021 20:07:01 +0000 (16:07 -0400)
author Ken Hornstein <kenh@cmf.nrl.navy.mil>
Mon, 15 Mar 2021 02:18:53 +0000 (22:18 -0400)
committer Greg Hudson <ghudson@mit.edu>
Tue, 16 Mar 2021 20:07:01 +0000 (16:07 -0400)
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c

index d29b03dfb6ad05cb9e93e9b9e6de22b01c880a73..b6266b4b55376eb50a9b6640960ce508b51f0a12 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -34,7 +34,6 @@
  #include "k5-json.h"
  
  #include <unistd.h>
-#include <dlfcn.h>
  #include <sys/stat.h>
  
  /**
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c

index e5940a5135c6aab77105cc1f43f33f18669a9e36..fbbdab510819ccb1a8284a2484dfb5c0bfa58b4c 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -33,7 +33,6 @@
  #include "pkinit_crypto_openssl.h"
  #include "k5-buf.h"
  #include "k5-hex.h"
-#include <dlfcn.h>
  #include <unistd.h>
  #include <dirent.h>
  #include <arpa/inet.h>
@@ -102,8 +101,8 @@ static krb5_error_code pkinit_login
   CK_TOKEN_INFO *tip, const char *password);
  static krb5_error_code pkinit_open_session
  (krb5_context context, pkinit_identity_crypto_context id_cryptoctx);
-static void * pkinit_C_LoadModule(const char *modname, CK_FUNCTION_LIST_PTR_PTR p11p);
-static CK_RV pkinit_C_UnloadModule(void *handle);
+static struct plugin_file_handle *pkinit_C_LoadModule
+(const char *modname, CK_FUNCTION_LIST_PTR_PTR p11p);
  #ifdef SILLYDECRYPT
  CK_RV pkinit_C_Decrypt
  (pkinit_identity_crypto_context id_cryptoctx,
@@ -1006,7 +1005,7 @@ pkinit_fini_pkcs11(pkinit_identity_crypto_context ctx)
          ctx->p11 = NULL;
      }
      if (ctx->p11_module != NULL) {
-        pkinit_C_UnloadModule(ctx->p11_module);
+        krb5int_close_plugin(ctx->p11_module);
          ctx->p11_module = NULL;
      }
      free(ctx->p11_module_name);
@@ -3548,21 +3547,30 @@ prepare_enc_data(const uint8_t *indata, int indata_len, uint8_t **outdata,
  }
  
  #ifndef WITHOUT_PKCS11
-static void *
+static struct plugin_file_handle *
  pkinit_C_LoadModule(const char *modname, CK_FUNCTION_LIST_PTR_PTR p11p)
  {
-    void *handle;
+    struct plugin_file_handle *handle;
      CK_RV (*getflist)(CK_FUNCTION_LIST_PTR_PTR);
+    struct errinfo einfo = EMPTY_ERRINFO;
+    void (*sym)();
+    long err;
+    CK_RV rv;
  
      pkiDebug("loading module \"%s\"... ", modname);
-    handle = dlopen(modname, RTLD_NOW);
-    if (handle == NULL) {
+    if (krb5int_open_plugin(modname, &handle, &einfo) != 0) {
          pkiDebug("not found\n");
          return NULL;
      }
-    getflist = (CK_RV (*)(CK_FUNCTION_LIST_PTR_PTR)) dlsym(handle, "C_GetFunctionList");
-    if (getflist == NULL || (*getflist)(p11p) != CKR_OK) {
-        dlclose(handle);
+
+    err = krb5int_get_plugin_func(handle, "C_GetFunctionList", &sym, &einfo);
+    k5_clear_error(&einfo);
+    if (!err) {
+        getflist = (CK_RV (*)())sym;
+        rv = (*getflist)(p11p);
+    }
+    if (err || rv != CKR_OK) {
+        krb5int_close_plugin(handle);
          pkiDebug("failed\n");
          return NULL;
      }
@@ -3570,13 +3578,6 @@ pkinit_C_LoadModule(const char *modname, CK_FUNCTION_LIST_PTR_PTR p11p)
      return handle;
  }
  
-static CK_RV
-pkinit_C_UnloadModule(void *handle)
-{
-    dlclose(handle);
-    return CKR_OK;
-}
-
  static krb5_error_code
  pkinit_login(krb5_context context,
               pkinit_identity_crypto_context id_cryptoctx,
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h

index 957c3def45a58701a76487bc077fef7a720e7f54..ea28b8edc4ff2068842c938b0ce4499af2eda6db 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
@@ -84,7 +84,7 @@ struct _pkinit_identity_crypto_context {
      char *token_label;
      char *cert_label;
      /* These are crypto-specific */
-    void *p11_module;
+    struct plugin_file_handle *p11_module;
      CK_SESSION_HANDLE session;
      CK_FUNCTION_LIST_PTR p11;
      uint8_t *cert_id;
diff --git a/src/plugins/preauth/pkinit/pkinit_identity.c b/src/plugins/preauth/pkinit/pkinit_identity.c

index cee448db98aaa9eceeff94ef6de67aa0c94176f5..4c8e8434c27d44c605cbfac2c9dc6f359b9953a6 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_identity.c
+++ b/src/plugins/preauth/pkinit/pkinit_identity.c
@@ -30,7 +30,6 @@
   */
  
  #include "pkinit.h"
-#include <dlfcn.h>
  #include <dirent.h>
  
  static void
author	Ken Hornstein <kenh@cmf.nrl.navy.mil>
	Mon, 15 Mar 2021 02:18:53 +0000 (22:18 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Tue, 16 Mar 2021 20:07:01 +0000 (16:07 -0400)
src/plugins/preauth/pkinit/pkinit_clnt.c		patch \| blob \| blame \| history
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c		patch \| blob \| blame \| history
src/plugins/preauth/pkinit/pkinit_crypto_openssl.h		patch \| blob \| blame \| history
src/plugins/preauth/pkinit/pkinit_identity.c		patch \| blob \| blame \| history