Nicolas Williams wrote: > On Thu, Sep 11, 2008 at 06:26:40PM +0200, Mark Phalan wrote: >> ???Was just doing some testing going through the different kinit and >> PKCS11 opts to make sure everything is working ok. One of the options >> which can be given as an argument is a path to a libpkcs11 library to >> use (for e.g. -X PKCS11:module_name=/tmp/libpkcs11.so.1). >> kinit is already linked against /usr/lib/libpkcs11.so.1. Won't bad >> things happen if we dlopen() another libpkcs11.so and start trying to >> call functions from it?
But you don't call functions directly from it. You use dlsym and the handle returned by dlopen to get the C_GetFunctionList entry point, that returns an array of entry points in the particular module. The OpenSC pkcs11-tool is a good example. It uses its C_LoadModule routine to load the module and return the p11 pointer. then to call a routine they do something like: p11->C_GetSlotList Mozilla can load multiple pkcs11 modules... Do direct bindings or anything get us anywhere >> here? >> I don't have a second libpkcs11.so on my system so and things don't seem >> to blow up if a copy of libpkcs11.so is given as an argument to kinit. I > > Right, the linker is smart enough not to load the same object twice. But you are using dlopen, not the linker... Where you can run into problems, depends on how the module was linked which you indicate below. > >> guess potentially the libpkcs11.so from opensc could be given as an >> argument.. > > Yeah, things should blow up, though if you use direct bindingins when > building OpenSC you may well avoid any problems. > >> Thoughts? > > Can we exclude that option in Solaris? OTOH, if we package and deliver > OpenSC then we arguably should not exclude that option, but make it > work instead. Yes! > > The two options for making it work: use direct binding when building > OpenSC, or dlopen as RTLD_LOCAL | RTLD_GROUP -- but the latter can be > tricky. OpenSC may not have all the linker options correct, But if anyone can figure it out, you can ... > > Nico -- Douglas E. Engert <DEEngert at anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444
