Re: coolkey on FreeBSD - Firefox segfaults when trying to add libcoolkeypk11.so as a security module

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Kevin Reinholz wrote, On 12/02/2007 11:29 AM:
Ladies and Gentlemen,


Hello, again. :)

I am trying to build coolkey-1.1.0 on FreeBSD 7.0-beta2.

After extracting the coolkey source tarball, I built coolkey with the following steps:

vi configure
:%s/-ldl/-lc/g

(This step was necessary because unlike Linux, FreeBSD's libc contains the functionality found in libdl on Linux, so there is no libdl on FreeBSD. I'm sure there's a more elegant way to accomplish this but this is how I did it).

I would suspect gcc/ld is smart enough to not link libc in twice, but I would (out of paranoia) just delete, or replace with spaces, "-ldl" from where it was found in configure instead of replacing with "-lc". Also does ld need to be called with -export-dynamic as per the freebsd manpage for dynamic linking, or is it being called that way by gcc/make?
http://www.freebsd.org/cgi/man.cgi?query=dlopen&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html

This defiantly seems like a place where automake is not handling the deltas between Linux, Solaris and FreeBSD correctly, or that the CoolKey folks have not called the right thing in the configure.in to get or not get libdl as needed.



env CPPFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib PCSC_CFLAGS=-I/usr/local/include/PCSC PCSC_LIBS=-L/usr/local/lib NSS_CFLAGS=-I/usr/local/include/nss/nss NSS_LIBS=-L/usr/local/lib/nss ./configure --prefix=/usr/opt

gmake
gmake install

I should note that PCSC (installed through Ports) is apparently functioning properly and that the light on my SCM 331 smart card reader blinks when I insert my CAC. I successfully built commonAccessCard.bundle using Apple's CACPlugin and the muscle framework and using that am able to view the certificates on my CAC, so the problem does not seem to lie with my hardware or PCSC. Unfortunately, commonAccessCard.bundle has its share of problems and after choosing a certificate and entering my PIN at AF Portal or other secure DoD sites, I receive an NSS error. (Error code -12222). Inquiries on the MUSCLE mailing list led to the conclusion that commonAccessCard.bundle is unstable and coolkey the better solution for CAC access on Mozilla products.

When I try to add libcoolkeypk11.so as a Security Module in Firefox, the dinosaur segfaults without an error message. (Exit code 139).


two suggestions for attempting to narrow down the problems.
1) "set COOL_KEY_LOG_FILE in the environment to point somewhere, and the [coolkey] module will dutifully log what it's doing" from "Timothy J. Miller" <tmiller@xxxxxxxxx>.

2) if you have not already, try getting pam_pkcs11 compiled and installed.
You don't have to configure pam to use it, but you need to configure pam_pkcs11 a little (get certificate authorities installed, point it to coolkey and set debug flags), and then you can use pkcs11_inspect to see if coolkey and the pam_pkcs11 code can get data from the card through pcscd and coolkey. Do be aware that in DEBUG mode pkcs11_inspect echo's back your pin in clear text (take appropriate precautions, when doing it and when sending logs).

An ldd of libcoolkeypk11.so reveals:

/usr/opt/lib/pkcs11/libcoolkeypk11.so:
        libckyapplet.so.1 => /usr/opt/lib/libckyapplet.so.1 (0x281a6000)
        libz.so.4 => /lib/libz.so.4 (0x281b1000)
        libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x28300000)
        libm.so.5 => /lib/libm.so.5 (0x281c3000)
        libc.so.7 => /lib/libc.so.7 (0x28089000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x281d8000)

An ldd of libckyapplet.so.1 reveals:

/usr/opt/lib/libckyapplet.so.1:
        libz.so.4 => /lib/libz.so.4 (0x28190000)
        libc.so.7 => /lib/libc.so.7 (0x28089000)

Should either of these coolkey shared objects be explicitly linked to libpcsclite.so.1?


modulus the stuff I am sure is Linux specific and libdl.so (and that your's is in /usr/opt/ vice /usr/local/ ), your ldd's are the same as mine.

coolkey's src/install/Makefile reveals that it correctly recognizes SCARD_LIB_NAME = libpcsclite.so.1 which it is looking for in PCSC_LIBS = -L/usr/local/lib.

is /usr/local/something where your libpcsclite.so.1 resides?
If not you may need to make coolkey configure believe that libpcsclite.so.1 exists in the place where it is installed on your machine.


Has anyone successfully tested coolkey on a *BSD system? Building it on FreeBSD is easy enough.
Loading it as a security module in Firefox is not.

V/r,
Kevin Reinholz



--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux